Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-08 | CVE-2024-21900 | Injection vulnerability in Qnap QTS and Quts Hero An injection vulnerability has been reported to affect several QNAP operating system versions. | 6.5 |
2024-03-08 | CVE-2024-23268 | Injection vulnerability in Apple Macos An injection issue was addressed with improved input validation. | 7.8 |
2024-03-08 | CVE-2024-23274 | Injection vulnerability in Apple Macos An injection issue was addressed with improved input validation. | 7.8 |
2024-02-02 | CVE-2024-22319 | Injection vulnerability in IBM Operational Decision Manager IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |
2024-02-01 | CVE-2023-51939 | Injection vulnerability in Relic Project Relic 0.6.0 An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | 8.8 |
2024-01-30 | CVE-2023-36260 | Injection vulnerability in Craftcms Craft CMS An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. | 7.5 |
2024-01-29 | CVE-2024-23828 | Injection vulnerability in Nginxui Nginx UI Nginx-UI is a web interface to manage Nginx configurations. | 8.8 |
2024-01-24 | CVE-2024-23648 | Injection vulnerability in Pimcore Admin Classic Bundle Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. | 8.8 |
2024-01-16 | CVE-2021-4227 | Injection vulnerability in OBG ARK Wysiwyg Comment Editor The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | 5.3 |
2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |