Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-15 | CVE-2020-7602 | Injection vulnerability in Node-Prompt-Here Project Node-Prompt-Here 1.0.1: node-prompt-here through 1.0.1 allows execution of arbitrary commands. | 7.5 |
2020-03-15 | CVE-2020-7601 | Injection vulnerability in Gulp-Scss-Lint Project Gulp-Scss-Lint: gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. | 7.5 |
2020-03-13 | CVE-2020-10075 | Injection vulnerability in Gitlab: GitLab 12.5 through 12.8.1 allows HTML Injection. | 5.8 |
2020-03-12 | CVE-2020-6858 | Injection vulnerability in Hotels Styx: Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. | 4.3 |
2020-03-11 | CVE-2020-5203 | Injection vulnerability in Fatfreeframework Fat-Free Framework 3.7.1: In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. | 7.5 |
2020-03-10 | CVE-2020-5259 | Injection vulnerability in Linuxfoundation Dojox: In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. | 5.0 |
2020-03-09 | CVE-2019-19614 | Injection vulnerability in Halvotec Raquest 10.23.10801.0: An issue was discovered in Halvotec RAQuest 10.23.10801.0. | 5.0 |
2020-03-04 | CVE-2020-9757 | Injection vulnerability in Craftcms Craft CMS: The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | 7.5 |
2020-03-02 | CVE-2020-5249 | Injection vulnerability in Puma: In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. | 6.5 |
2020-02-28 | CVE-2020-9466 | Injection vulnerability in Export Users TO CSV Project Export Users TO CSV: The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. | 5.8 |