Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
injection vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-0661
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site...
Ad Injection Project Ad Injection
7.5
CVSSv2
CVE-2022-26945
HashiCorp go-getter before 2.0.2 allows Command Injection....
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
1 Github repository available
7.5
CVSSv2
CVE-2022-25648
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The...
Git Git
6.8
CVSSv2
CVE-2017-5078
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...
Google Chrome
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
6.8
CVSSv2
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....
Yaws Yaws
6.8
CVSSv2
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy Sqlalchemy 1.2.17
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Backports Sle 15.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
Oracle Communications Operations Monitor 4.2
Oracle Communications Operations Monitor 4.3
7.5
CVSSv2
CVE-2019-8341
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION...
Pocoo Jinja2 2.10
Opensuse Leap 15.0
Opensuse Leap 42.3
1 EDB exploit available
1 Github repository available
7.5
CVSSv2
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....
Djangoproject Django
1 Github repository available
10
CVSSv2
CVE-2022-0841
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4....
Npm-lockfile Project Npm-lockfile 2.0.3
Npm-lockfile Project Npm-lockfile 2.0.4
4.3
CVSSv2
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This...
Mozilla Firefox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
stored XSS
CVE-2022-29582
CVE-2020-6507
CVE-2022-36835
CVE-2022-24028
CVE-2022-2692
CVE-2022-26346
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »