Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-30 | CVE-2020-15690 | Injection vulnerability in Nim-Lang NIM In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | 9.8 |
| 2021-01-08 | CVE-2020-5019 | Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
| 2021-01-08 | CVE-2020-27260 | Injection vulnerability in Innokasmedical Vital Signs Monitor Vc150 Firmware Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters. | 5.3 |
| 2021-01-08 | CVE-2020-28468 | Injection vulnerability in Pwntools Project Pwntools This affects the package pwntools before 4.3.1. | 9.8 |
| 2020-12-30 | CVE-2020-10208 | Injection vulnerability in Amino products Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. | 9.9 |
| 2020-12-24 | CVE-2020-35669 | Injection vulnerability in Dart Http An issue was discovered in the http package through 0.12.2 for Dart. | 6.1 |
| 2020-12-22 | CVE-2020-35608 | Injection vulnerability in Microsoft Azure Sphere 20.07 A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. | 7.8 |
| 2020-12-18 | CVE-2020-27687 | Injection vulnerability in Thingsboard ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. | 8.8 |
| 2020-12-14 | CVE-2020-8177 | Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | 7.8 |
| 2020-12-10 | CVE-2020-25967 | Injection vulnerability in Fastadmin 1.0.0.20200506 The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. | 8.8 |