Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-04-19 CVE-2019-11354 Injection vulnerability in EA Origin 10.5.36
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler.
local
low complexity
ea CWE-74
7.8
7.8
2019-04-08 CVE-2018-1943 Injection vulnerability in IBM Cloud Private 3.1.0/3.1.1
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input.
network
low complexity
ibm CWE-74
5.4
5.4
2019-04-03 CVE-2015-5462 Injection vulnerability in Axiomsl Axiom 9.5.3
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
network
low complexity
axiomsl CWE-74
6.1
6.1
2019-04-03 CVE-2018-4153 Injection vulnerability in Apple mac OS X
An injection issue was addressed with improved validation.
network
high complexity
apple CWE-74
5.9
5.9
2019-03-06 CVE-2019-9614 Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-74
8.8
8.8
2019-02-20 CVE-2019-8948 Injection vulnerability in Papercut MF
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
network
low complexity
papercut CWE-74
critical
 9.8
9.8
2019-02-05 CVE-2018-18992 Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
network
low complexity
lcds CWE-74
8.8
8.8
2019-02-05 CVE-2017-1202 Injection vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection.
network
low complexity
ibm CWE-74
5.4
5.4
2019-02-04 CVE-2019-7351 Injection vulnerability in Zoneminder
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.
network
low complexity
zoneminder CWE-74
6.5
6.5
2019-02-01 CVE-2018-16492 Injection vulnerability in Extend Project Extend
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
network
low complexity
extend-project CWE-74
critical
 9.8
9.8