Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2020-28246 Injection vulnerability in Form Form.Io 2.0.0
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0.
network
low complexity
form CWE-74
critical
9.8
2022-05-11 CVE-2022-22975 Injection vulnerability in VMware Pinniped
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources.
network
high complexity
vmware CWE-74
6.6
2022-05-05 CVE-2022-29166 Injection vulnerability in Matrix IRC Bridge
matrix-appservice-irc is a Node.js IRC bridge for Matrix.
network
low complexity
matrix CWE-74
8.8
2022-04-15 CVE-2022-28345 Injection vulnerability in Signal
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection.
network
low complexity
signal CWE-74
7.5
2022-04-11 CVE-2022-24838 Injection vulnerability in Nextcloud Calendar
Nextcloud Calendar is a calendar application for the nextcloud framework.
network
low complexity
nextcloud CWE-74
critical
9.8
2022-04-11 CVE-2021-22055 Injection vulnerability in VMware Photon OS
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter.
network
low complexity
vmware CWE-74
5.3
2022-04-09 CVE-2022-1287 Injection vulnerability in School Club Application System Project School Club Application System 1.0
A vulnerability classified as critical was found in School Club Application System 1.0.
network
low complexity
school-club-application-system-project CWE-74
critical
9.8
2022-03-29 CVE-2022-25420 Injection vulnerability in Nttr GOO Blog 1.0
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection.
network
low complexity
nttr CWE-74
critical
9.8
2022-03-27 CVE-2022-26205 Injection vulnerability in Marky Project Marky
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields.
network
low complexity
marky-project CWE-74
critical
9.8
2022-03-14 CVE-2022-22344 Injection vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
6.1