CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,837 vulnerabilities with CWE-74
CVE-2020-5336
MEDIUM
RSA Archer < 6.7.0.1 - Unauthenticated URL Injection
CVSS 4.6
CVE-2020-1961
CRITICAL
Apache Syncope < 2.0.15 and < 2.1.6 - Server-Side Template Injection via Mail Templates
CVSS 9.8
CVE-2020-8478
MEDIUM
ABB System 800xA OPC/MMS Server & Base Software - Authenticated Data Injection via IPC
CVSS 5.3
CVE-2020-7489
CRITICAL
EcoStruxure Machine Expert and SoMachine Basic - DLL Substitution via Improper Neutralization
CVSS 9.8
CVE-2020-7111
HIGH
ClearPass 6.7.0-6.7.12 - Authenticated Remote Code Execution via Server-Side Injection
CVSS 7.2
CVE-2020-11814
MEDIUM
qdPM 9.1 - Host Header Injection
CVSS 5.4
CVE-2020-11709
HIGH
cpp-httplib <= 0.5.8 - CRLF Injection via Redirect and Header Parameters
CVSS 7.5
CVE-2020-11703
HIGH
ProVide FTP Server < 13.1 - HTTP Response Splitting via Language Parameter
CVSS 7.5
CVE-2020-11002
HIGH
dropwizard-validation <2.0.3, 1.3.21 - RCE
CVSS 8.0
CVE-2020-11593
HIGH
CIPPlanner CIPAce < 9.1 - Unauthenticated HTML Injection via Email Functionality
CVSS 7.5
CVE-2020-10960
MEDIUM
MediaWiki <1.34.1 - Info Disclosure
CVSS 5.3
CVE-2020-1958
MEDIUM
Apache Druid 0.17.0 - Authentication Bypass and Information Disclosure via LDAP User Search
CVSS 6.5
CVE-2020-3884
MEDIUM
macOS Catalina <10.15.4 - Code Injection
CVSS 6.1
CVE-2020-11441
MEDIUM
phpMyAdmin 5.0.2 - CRLF Injection via Login Form Fields
CVSS 6.1
CVE-2020-6982
HIGH
Honeywell WIN-PAK < 4.7.2 - Remote Code Execution via HTTP Header Injection
CVSS 8.8
CVE-2020-7475
CRITICAL
EcoStruxure Control Expert <14.1, Unity Pro, Modicon M340 <3.20, M580 <3.10 - DLL Injection
CVSS 9.8
CVE-2020-8468
HIGH
KEV
Trend Micro Apex One <2019 - Content Validation Escape
CVSS 8.8
CVE-2020-6858
MEDIUM
Hotels Styx < 0.7.10 - HTTP Response Splitting via CRLF Injection
CVSS 6.5
CVE-2020-5259
HIGH
dojox < 1.11.10 - Prototype Pollution via jqMix Method
CVSS 7.7
CVE-2020-9757
CRITICAL
Craft CMS SEOmatic < 3.3.0 - Server-Side Template Injection via Metacontainers Controller
CVSS 9.8
CVE-2020-5249
MEDIUM
Puma < 3.12.3 and 3.12.4 - HTTP Response Splitting via Early-Hints Header Injection
CVSS 6.5
CVE-2020-5247
MEDIUM
Puma < 3.12.3 - HTTP Response Splitting via Header Injection
CVSS 6.5
CVE-2020-9382
MEDIUM
Widgets extension < 1.4.0 - Unauthenticated Arbitrary Wiki Page Execution via #widget Parser Function
CVSS 5.4
CVE-2020-5245
HIGH
Dropwizard-Validation < 1.3.19 - Remote Code Execution via Java Expression Language Injection
CVSS 7.9
CVE-2020-8800
HIGH
SuiteCRM <= 7.11.11 - PHP Object Injection via EmailsControllerActionGetFromFields
CVSS 8.8
Details
Vulnerabilities: 4,837
Exploit Likelihood: High