Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-30 | CVE-2023-41039 | Injection vulnerability in Zope Restrictedpython. RestrictedPython is a restricted execution environment for Python to run untrusted code. | 7.7 |
2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server. Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 8.2 |
2023-08-23 | CVE-2023-40035 | Injection vulnerability in Craftcms Craft CMS. Craft is a CMS for creating custom digital experiences on the web and beyond. | 7.2 |
2023-08-21 | CVE-2023-4450 | Injection vulnerability in Jeecg Jimureport. A vulnerability was found in jeecgboot JimuReport up to 1.6.0. | 9.8 |
2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System. TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |
2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain. An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | 9.8 |
2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain. An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 |
2023-08-15 | CVE-2023-39661 | Injection vulnerability in Gabrieleventuri Pandasai. An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | 9.8 |
2023-08-15 | CVE-2023-39662 | Injection vulnerability in Llamaindex Project Llamaindex. An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | 9.8 |
2023-08-11 | CVE-2020-28848 | Injection vulnerability in Churchcrm 4.2.0. CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | 8.8 |