Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-08-24 | CVE-2020-24364 | Injection vulnerability in Ethz Minetime | MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. | network | low | ethz | CWE-74 | 8.8 |
| 2020-08-21 | CVE-2020-15147 | Injection vulnerability in Cogboard RED Discord BOT | Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. | network | high | cogboard | CWE-74 | 8.5 |
| 2020-08-21 | CVE-2020-15140 | Injection vulnerability in Cogboard RED Discord BOT | In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. | network | low | cogboard | CWE-74 | 9.6 (critical) |
| 2020-08-14 | CVE-2020-15693 | Injection vulnerability in Nim-Lang NIM | In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. | network | low | nim-lang | CWE-74 | 6.5 |
| 2020-08-13 | CVE-2020-16087 | Injection vulnerability in VNG Zalo Desktop 19.8.1.0 | An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. | local | low | vng | CWE-74 | 8.6 |
| 2020-08-12 | CVE-2020-17496 | Injection vulnerability in Vbulletin | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | network | low | vbulletin | CWE-74 | 9.8 (critical) |
| 2020-08-05 | CVE-2020-16254 | Injection vulnerability in Chartkick Project Chartkick | The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | network | low | chartkick-project | CWE-74 | 6.1 |
| 2020-07-29 | CVE-2017-18923 | Injection vulnerability in Beronet Voice Over Internet Protocol Gateways Firmware | beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials. | network | low | beronet | CWE-74 | 7.5 |
| 2020-07-27 | CVE-2020-7695 | Injection vulnerability in Encode Uvicorn | Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. | network | low | encode | CWE-74 | 5.3 |
| 2020-07-27 | CVE-2020-15953 | Injection vulnerability in multiple products | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | | | | | 7.4 |