Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-08-10 CVE-2023-31209 Injection vulnerability in multiple products
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
network
low complexity
tribe29 checkmk CWE-74
8.8
2023-08-09 CVE-2023-33241 Injection vulnerability in multiple products
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof.
network
low complexity
gg20-project gg18-project CWE-74
critical
9.1
2023-08-09 CVE-2023-33242 Injection vulnerability in Lindell17 Project Lindell17
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
network
low complexity
lindell17-project CWE-74
8.1
2023-08-08 CVE-2023-39213 Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
network
low complexity
zoom CWE-74
critical
9.8
2023-08-04 CVE-2023-4157 Injection vulnerability in Omeka S
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
network
low complexity
omeka CWE-74
4.8
2023-08-01 CVE-2023-36210 Injection vulnerability in Motocms 3.4.3
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
network
low complexity
motocms CWE-74
critical
9.8
2023-07-28 CVE-2023-38609 Injection vulnerability in Apple Macos
An injection issue was addressed with improved input validation.
network
low complexity
apple CWE-74
7.5
2023-07-24 CVE-2023-38060 Injection vulnerability in Otrs
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
network
low complexity
otrs CWE-74
8.8
2023-07-20 CVE-2020-24275 Injection vulnerability in Swoole 4.5.2
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.
network
low complexity
swoole CWE-74
6.5
2023-07-06 CVE-2023-36188 Injection vulnerability in Langchain 0.0.64
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
network
low complexity
langchain CWE-74
critical
9.8