Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

injection vulnerabilities and exploits

(subscribe to this query)

6.5
CVSSv2
CVE-2022-0661
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site...
Ad Injection Project Ad Injection
7.5
CVSSv2
CVE-2022-26945
HashiCorp go-getter before 2.0.2 allows Command Injection....
Hashicorp Go-getter 2.0.2Hashicorp Go-getter
7.5
CVSSv2
CVE-2022-25648
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The...
Git Git
6.8
CVSSv2
CVE-2017-5078
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...
Google ChromeRedhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0
6.8
CVSSv2
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....
Yaws Yaws
6.8
CVSSv2
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy Sqlalchemy 1.2.17Debian Debian Linux 8.0Debian Debian Linux 9.0Opensuse Backports Sle 15.0Opensuse Leap 15.0Opensuse Leap 15.1Redhat Enterprise Linux 8.0Redhat Enterprise Linux Eus 8.1Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Eus 8.4Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Aus 8.4Redhat Enterprise Linux Server Tus 8.2Redhat Enterprise Linux Server Tus 8.4Oracle Communications Operations Monitor 4.2Oracle Communications Operations Monitor 4.3
7.5
CVSSv2
CVE-2019-8341
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION...
Pocoo Jinja2 2.10Opensuse Leap 15.0Opensuse Leap 42.3
7.5
CVSSv2
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....
Djangoproject Django
10
CVSSv2
CVE-2022-0841
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4....
Npm-lockfile Project Npm-lockfile 2.0.3Npm-lockfile Project Npm-lockfile 2.0.4
4.3
CVSSv2
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This...
Mozilla Firefox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationstored XSSCVE-2022-29582CVE-2020-6507CVE-2022-36835CVE-2022-24028CVE-2022-2692CVE-2022-26346man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook