Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

injection vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy Sqlalchemy 1.2.17Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2019-8341
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION...
Pocoo Jinja2 2.10
6.8
CVSSv2
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....
Yaws Yaws
4.6
CVSSv2
CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91....
Gnome Evince
6.8
CVSSv2
CVE-2017-5078
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...
Google Chrome
5.8
CVSSv2
CVE-2020-35678
Autobahn|Python before 20.12.3 allows redirect header injection....
Crossbar Autobahn
4.3
CVSSv2
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This...
Mozilla Firefox
10
CVSSv2
CVE-2017-1000469
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user....
Cobbler Project Cobbler
4.3
CVSSv2
CVE-2017-1000188
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection...
Ejs Ejs
6.8
CVSSv2
CVE-2017-7798
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects...
Debian Debian Linux 8.0Debian Debian Linux 9.0Redhat Enterprise Linux Server Eus 7.5Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Eus 7.3Redhat Enterprise Linux Server Eus 7.4Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Mozilla FirefoxMozilla Firefox Esr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-36542NULL pointer dereferenceCVE-2021-3490CVE-2021-36934code injectionSSRFCVE-2021-34632CVE-2021-33325CVE-2021-27503
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook