Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-15171 | Injection vulnerability in Xwiki In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. | 6.6 |
| 2020-08-28 | CVE-2020-15164 | Injection vulnerability in Scratch-Wiki Scratch Login in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. | 10.0 |
| 2020-08-26 | CVE-2020-12855 | Injection vulnerability in Seczetta Neprofile 3.3.11 A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. | 8.8 |
| 2020-08-26 | CVE-2020-13863 | Injection vulnerability in Mitel Micollab The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. | 8.1 |
| 2020-08-24 | CVE-2020-24364 | Injection vulnerability in Ethz Minetime MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. | 8.8 |
| 2020-08-21 | CVE-2020-15147 | Injection vulnerability in Cogboard RED Discord BOT Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. | 8.5 |
| 2020-08-21 | CVE-2020-15140 | Injection vulnerability in Cogboard RED Discord BOT In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. | 9.6 |
| 2020-08-14 | CVE-2020-15693 | Injection vulnerability in Nim-Lang NIM In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. | 6.5 |
| 2020-08-13 | CVE-2020-16087 | Injection vulnerability in VNG Zalo Desktop 19.8.1.0 An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. | 8.6 |
| 2020-08-12 | CVE-2020-17496 | Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 9.8 |