Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-36830 | Injection vulnerability in Sqlfluff SQLFluff is a SQL linter. | 7.8 |
| 2023-07-06 | CVE-2023-36188 | Injection vulnerability in Langchain 0.0.64 An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | 9.8 |
| 2023-07-06 | CVE-2023-26138 | Injection vulnerability in Drogon All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. | 4.3 |
| 2023-06-30 | CVE-2023-36812 | Injection vulnerability in Opentsdb OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). | 9.8 |
| 2023-06-30 | CVE-2023-37360 | Injection vulnerability in Pacparser Project Pacparser pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 6.1 |
| 2023-06-29 | CVE-2023-36469 | Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-06-29 | CVE-2023-36470 | Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-06-23 | CVE-2023-34203 | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |
| 2023-06-23 | CVE-2023-3380 | Injection vulnerability in Wavlink Wn579X3 Firmware 20200515 A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. | 9.8 |
| 2023-06-22 | CVE-2023-28016 | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |