Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2021-21141 Injection vulnerability in multiple products
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
network
low complexity
google microsoft CWE-74
6.5
2021-02-09 CVE-2021-21137 Injection vulnerability in multiple products
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
network
low complexity
google microsoft CWE-74
6.5
2021-02-04 CVE-2021-1221 Injection vulnerability in Cisco Webex Meetings Server
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email.
network
low complexity
cisco CWE-74
4.1
2021-01-30 CVE-2020-15690 Injection vulnerability in Nim-Lang NIM
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
network
low complexity
nim-lang CWE-74
critical
9.8
2021-01-08 CVE-2020-5019 Injection vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
6.5
2021-01-08 CVE-2020-27260 Injection vulnerability in Innokasmedical Vital Signs Monitor Vc150 Firmware
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.
low complexity
innokasmedical CWE-74
5.3
2021-01-08 CVE-2020-28468 Injection vulnerability in Pwntools Project Pwntools
This affects the package pwntools before 4.3.1.
network
low complexity
pwntools-project CWE-74
critical
9.8
2020-12-30 CVE-2020-10208 Injection vulnerability in Amino products
Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.
network
low complexity
amino CWE-74
critical
9.9
2020-12-24 CVE-2020-35669 Injection vulnerability in Dart Http
An issue was discovered in the http package through 0.12.2 for Dart.
network
low complexity
dart CWE-74
6.1
2020-12-22 CVE-2020-35608 Injection vulnerability in Microsoft Azure Sphere 20.07
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07.
local
low complexity
microsoft CWE-74
7.8