Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-6800 Injection vulnerability in Titanhq Spamtitan
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function.
network
high complexity
titanhq CWE-74
7.5
7.5
2019-05-24 CVE-2016-8900 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
network
low complexity
exponentcms CWE-74
critical
 9.8
9.8
2019-05-23 CVE-2016-8899 Injection vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
network
low complexity
exponentcms CWE-74
critical
 9.8
9.8
2019-05-23 CVE-2016-8901 Injection vulnerability in B2Evolution 6.7.6
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
network
low complexity
b2evolution CWE-74
critical
 9.8
9.8
2019-04-26 CVE-2019-2725 Injection vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-74
critical
 9.8
9.8
2019-04-25 CVE-2019-9900 Injection vulnerability in multiple products
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0).
network
low complexity
envoyproxy redhat CWE-74
8.3
8.3
2019-04-19 CVE-2019-11354 Injection vulnerability in EA Origin 10.5.36
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler.
local
low complexity
ea CWE-74
7.8
7.8
2019-04-08 CVE-2018-1943 Injection vulnerability in IBM Cloud Private 3.1.0/3.1.1
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input.
network
low complexity
ibm CWE-74
5.4
5.4
2019-04-03 CVE-2015-5462 Injection vulnerability in Axiomsl Axiom 9.5.3
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
network
low complexity
axiomsl CWE-74
6.1
6.1
2019-04-03 CVE-2018-4153 Injection vulnerability in Apple mac OS X
An injection issue was addressed with improved validation.
network
high complexity
apple CWE-74
5.9
5.9