Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2019-8322 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
5.0
2019-06-17 CVE-2019-8325 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems opensuse debian CWE-74
5.0
2019-06-10 CVE-2019-12387 Injection vulnerability in multiple products
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
6.1
2019-06-06 CVE-2019-12303 Injection vulnerability in SUSE Rancher
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.
network
low complexity
suse CWE-74
6.5
2019-06-05 CVE-2019-6800 Injection vulnerability in TitanHQ SpamTitan
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function.
network
titanhq CWE-74
8.5
2019-05-24 CVE-2016-8900 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
network
low complexity
exponentcms CWE-74
7.5
2019-05-23 CVE-2016-8899 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
network
low complexity
exponentcms CWE-74
7.5
2019-05-23 CVE-2016-8901 Injection vulnerability in B2Evolution 6.7.6
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
network
low complexity
b2evolution CWE-74
7.5
2019-04-26 CVE-2019-2725 Injection vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-74
7.5
2019-04-25 CVE-2019-9900 Injection vulnerability in multiple products
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0).
network
low complexity
envoyproxy redhat CWE-74
8.3