Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-35895 | Injection vulnerability in IBM Informix Jdbc 4.10/4.50 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. | 9.8 |
| 2023-12-12 | CVE-2023-43364 | Injection vulnerability in Arjunsharda Searchor main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. | 9.8 |
| 2023-12-12 | CVE-2023-46456 | Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 3.216 In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. | 9.8 |
| 2023-12-11 | CVE-2023-49964 | Injection vulnerability in Hyland Alfresco Content Services 7.2.0 An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. | 8.8 |
| 2023-12-10 | CVE-2023-6648 | Injection vulnerability in PHPgurukul Nipah Virus Testing Management System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. | 9.8 |
| 2023-12-07 | CVE-2023-48205 | Injection vulnerability in Jorani Leave Management System 1.0.2 Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | 5.3 |
| 2023-12-07 | CVE-2023-48826 | Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | 8.8 |
| 2023-12-07 | CVE-2023-48830 | Injection vulnerability in PHPjabbers Shuttle Booking Software 2.0 Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | 8.8 |
| 2023-12-07 | CVE-2023-48835 | Injection vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-12-07 | CVE-2023-48841 | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |