Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-26138 | Injection vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. | 4.3 |
| 2023-06-30 | CVE-2023-37360 | Injection vulnerability in Pacparser Project Pacparser pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 6.1 |
| 2023-06-23 | CVE-2023-34203 | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |
| 2023-06-23 | CVE-2023-3380 | Injection vulnerability in Wavlink Wn579X3 Firmware 20200515 A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. | 9.8 |
| 2023-06-22 | CVE-2023-28016 | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |
| 2023-06-17 | CVE-2023-35810 | Injection vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 7.2 |
| 2023-06-16 | CVE-2023-2797 | Injection vulnerability in Mattermost Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. | 6.5 |
| 2023-06-13 | CVE-2023-28598 | Injection vulnerability in Zoom Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. | 6.5 |
| 2023-06-13 | CVE-2023-28599 | Injection vulnerability in Zoom Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. | 4.3 |
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |