Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-2881 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-29 CVE-2024-1545 Injection vulnerability in Wolfssl 5.6.6
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
network
low complexity
wolfssl CWE-74
8.8
2024-08-14 CVE-2024-31882 Injection vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
network
low complexity
ibm CWE-74
6.5
2024-08-06 CVE-2024-39227 Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc.
network
low complexity
gl-inet CWE-74
critical
9.8
2024-08-04 CVE-2024-6331 Injection vulnerability in Stitionai Devika
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection.
network
low complexity
stitionai CWE-74
6.5
2024-07-25 CVE-2024-40324 Injection vulnerability in Datex-Soft E-Staff 5.1
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
network
low complexity
datex-soft CWE-74
5.4
2024-07-22 CVE-2024-26020 An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04.
network
low complexity
CWE-74
critical
9.6
2024-07-09 CVE-2024-37442 Injection vulnerability in Ays-Pro Photo Gallery
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.
network
low complexity
ays-pro CWE-74
5.5
2024-07-03 CVE-2024-6469 Injection vulnerability in Playsms 1.4.3
A vulnerability was found in playSMS 1.4.3.
network
low complexity
playsms CWE-74
8.8
2024-07-01 CVE-2024-36420 Injection vulnerability in Flowiseai Flowise 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow.
network
low complexity
flowiseai CWE-74
7.5