Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-02 | CVE-2023-41580 | Injection vulnerability in PHPipam: Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. | 7.5 |
2023-09-29 | CVE-2023-44270 | Injection vulnerability in Postcss: An issue was discovered in PostCSS before 8.4.31. | 5.3 |
2023-09-29 | CVE-2023-26148 | Injection vulnerability in Ithewei Libhv: All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. | 5.3 |
2023-09-19 | CVE-2023-41834 | Injection vulnerability in Apache Flink Stateful Functions 3.1.0/3.1.1/3.2.0: Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. | 6.1 |
2023-09-14 | CVE-2023-36250 | Injection vulnerability in Gnome Gnome-Time Tracker 3.0.2: CSV Injection vulnerability in GNOME time tracker version 3.0.2 allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. | 7.8 |
2023-09-12 | CVE-2023-26142 | Injection vulnerability in Crowcpp Crow 1.0+5: All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. | 6.1 |
2023-09-01 | CVE-2023-1523 | Injection vulnerability in Canonical Snapd: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. | 10.0 |
2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server: Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 8.2 |
2023-08-21 | CVE-2023-4450 | Injection vulnerability in Jeecg Jimureport: A vulnerability was found in jeecgboot JimuReport up to 1.6.0. | 9.8 |
2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System: TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |