Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-5230 | Injection vulnerability in Apereo Opencast Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. | 5.0 |
| 2020-01-30 | CVE-2020-8093 | Injection vulnerability in Bitdefender Antivirus A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | 4.6 |
| 2020-01-28 | CVE-2013-3214 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 7.5 |
| 2020-01-28 | CVE-2013-3212 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | 6.8 |
| 2020-01-28 | CVE-2013-1437 | Injection vulnerability in multiple products Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 7.5 |
| 2020-01-28 | CVE-2020-7799 | Injection vulnerability in Fusionauth An issue was discovered in FusionAuth before 1.11.0. | 9.0 |
| 2020-01-27 | CVE-2015-3154 | Injection vulnerability in Zend Framework CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | 4.3 |
| 2020-01-27 | CVE-2012-1496 | Injection vulnerability in Webcalendar Project Webcalendar Local file inclusion in WebCalendar before 1.2.5. | 6.5 |
| 2020-01-27 | CVE-2012-1495 | Injection vulnerability in Webcalendar Project Webcalendar install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | 7.5 |
| 2020-01-27 | CVE-2011-4558 | Injection vulnerability in Tiki Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | 6.0 |