Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-02 | CVE-2021-27730 | Injection vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. | 9.8 |
| 2021-02-27 | CVE-2021-27132 | Injection vulnerability in Sercomm Agcombo Vd625 Firmware Agsot2.1.0 SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | 9.8 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-22 | CVE-2021-26068 | Injection vulnerability in Atlassian Jira Server for Slack An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 8.8 |
| 2021-02-19 | CVE-2020-12873 | Injection vulnerability in Atlassian Alfresco Enterprise Content Management An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. | 8.8 |
| 2021-02-16 | CVE-2020-35564 | Injection vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. | 7.5 |
| 2021-02-15 | CVE-2020-35775 | Injection vulnerability in Citsmart CITSmart before 9.1.2.23 allows LDAP Injection. | 9.8 |
| 2021-02-12 | CVE-2021-20644 | Injection vulnerability in Elecom Wrc-1467Ghbk-A Firmware ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | 6.1 |
| 2021-02-11 | CVE-2021-23335 | Injection vulnerability in Is-User-Valid Project Is-User-Valid All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | 7.5 |
| 2021-02-09 | CVE-2021-21479 | Injection vulnerability in SAP Scimono In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | 9.1 |