Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-15693 Injection vulnerability in Nim-Lang Nim
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL.
network
low complexity
nim-lang CWE-74
6.5
2020-08-13 CVE-2020-16087 Injection vulnerability in VNG Zalo Desktop 19.8.1.0
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0.
local
low complexity
vng CWE-74
8.6
2020-08-12 CVE-2020-17496 Injection vulnerability in vBulletin
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.
network
low complexity
vbulletin CWE-74
critical
9.8
2020-08-05 CVE-2020-16254 Injection vulnerability in Chartkick Project Chartkick
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
network
low complexity
chartkick-project CWE-74
6.1
2020-07-29 CVE-2017-18923 Injection vulnerability in beroNet Voice Over Internet Protocol Gateways Firmware
beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
network
low complexity
beronet CWE-74
7.5
2020-07-27 CVE-2020-7695 Injection vulnerability in Encode Uvicorn
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting.
network
low complexity
encode CWE-74
5.3
2020-07-27 CVE-2020-15953 Injection vulnerability in multiple products
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
7.4
2020-07-20 CVE-2020-15111 Injection vulnerability in Gofiber Fiber
In Fiber before version 1.12.6, the filename passed to c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped and is therefore vulnerable to a CRLF injection attack.
network
low complexity
gofiber CWE-74
5.4
2020-07-17 CVE-2020-14928 Injection vulnerability in multiple products
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.
network
high complexity
gnome debian fedoraproject canonical CWE-74
5.9
2020-07-15 CVE-2020-14505 Injection vulnerability in Advantech iView 5.6
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability.
network
low complexity
advantech CWE-74
critical
9.8