Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-07 | CVE-2019-25150 | Injection vulnerability in Wpexperts Email Templates The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. | 8.8 |
| 2023-05-30 | CVE-2022-47028 | Injection vulnerability in Actionlauncher Action Launcher 50.5 An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | 5.5 |
| 2023-05-30 | CVE-2023-2980 | Injection vulnerability in Abstrium Pydio Cells 4.2.0 A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. | 8.8 |
| 2023-05-30 | CVE-2023-33234 | Injection vulnerability in Apache Airflow Cncf Kubernetes Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability. | 7.2 |
| 2023-05-30 | CVE-2023-26130 | Injection vulnerability in Cpp-Httplib Project Cpp-Httplib Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. | 8.8 |
| 2023-05-19 | CVE-2023-32679 | Injection vulnerability in Craftcms Craft CMS Craft CMS is an open source content management system. | 7.2 |
| 2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
| 2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |
| 2023-05-05 | CVE-2022-45048 | Injection vulnerability in Apache Ranger 2.3.0 Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. | 8.8 |