Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-4092 Injection vulnerability in Gitlab 15.6.0
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1.
network
low complexity
gitlab CWE-74
8.0
2023-01-26 CVE-2023-0476 Injection vulnerability in Tenable Tenable.Sc
An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-74
6.5
2023-01-21 CVE-2023-24040 Injection vulnerability in Opengroup Common Desktop Environment 1.6
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers.
local
low complexity
opengroup CWE-74
7.1
2023-01-20 CVE-2022-3918 Injection vulnerability in Apple Swift Foundation
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers.
network
low complexity
apple CWE-74
8.8
2023-01-20 CVE-2021-37499 Injection vulnerability in Reprisesoftware Reprise License Manager
CRLF vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License Result function, allows remote attackers to inject arbitrary HTTP headers.
network
low complexity
reprisesoftware CWE-74
6.5
2023-01-20 CVE-2023-20057 Injection vulnerability in Cisco Asyncos
A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.
network
low complexity
cisco CWE-74
5.3
2023-01-19 CVE-2017-20174 Injection vulnerability in Getkirby Webmentions
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic.
network
low complexity
getkirby CWE-74
critical
9.8
2023-01-18 CVE-2023-0040 Injection vulnerability in Asynchttpclient Project Async-Http-Client
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection.
network
low complexity
asynchttpclient-project CWE-74
7.5
2023-01-17 CVE-2023-23749 Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it does not properly sanitize the 'username' POST parameter.
network
low complexity
miniorange CWE-74
7.5
2023-01-17 CVE-2015-10062 Injection vulnerability in Galaxyproject Galaxy
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0.
network
low complexity
galaxyproject CWE-74
critical
9.8