Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-03-08 | CVE-2024-21900 | Injection vulnerability in QNAP QTS and QuTS hero | An injection vulnerability has been reported to affect several QNAP operating system versions. | network | low complexity | qnap | CWE-74 | 6.5 |
| 2024-03-08 | CVE-2024-23268 | Injection vulnerability in Apple macOS | An injection issue was addressed with improved input validation. | local | low complexity | apple | CWE-74 | 7.8 |
| 2024-03-08 | CVE-2024-23274 | Injection vulnerability in Apple macOS | An injection issue was addressed with improved input validation. | local | low complexity | apple | CWE-74 | 7.8 |
| 2024-02-02 | CVE-2024-22319 | Injection vulnerability in IBM Operational Decision Manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | network | low complexity | ibm | CWE-74 | critical 9.8 |
| 2024-02-01 | CVE-2023-51939 | Injection vulnerability in Relic Project Relic 0.6.0 | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | network | low complexity | relic-project | CWE-74 | 8.8 |
| 2024-01-30 | CVE-2023-36260 | Injection vulnerability in Craftcms Craft CMS | An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. | network | low complexity | craftcms | CWE-74 | 7.5 |
| 2024-01-29 | CVE-2024-23828 | Injection vulnerability in Nginxui Nginx UI | Nginx-UI is a web interface to manage Nginx configurations. | network | low complexity | nginxui | CWE-74 | 8.8 |
| 2024-01-24 | CVE-2024-23648 | Injection vulnerability in Pimcore Admin Classic Bundle | Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. | network | low complexity | pimcore | CWE-74 | 8.8 |
| 2024-01-16 | CVE-2021-4227 | Injection vulnerability in OBG ARK Wysiwyg Comment Editor | The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section. | network | low complexity | obg | CWE-74 | 5.3 |
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | network | low complexity | atlassian | CWE-74 | critical 9.8 |