Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-17 | CVE-2023-35810 | Injection vulnerability in Sugarcrm 11.0.0/12.0.0 An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. | 7.2 |
| 2023-06-16 | CVE-2023-2797 | Injection vulnerability in Mattermost Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. | 6.5 |
| 2023-06-13 | CVE-2023-28598 | Injection vulnerability in Zoom Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. | 6.5 |
| 2023-06-13 | CVE-2023-28599 | Injection vulnerability in Zoom Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. | 4.3 |
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-07 | CVE-2019-25150 | Injection vulnerability in Wpexperts Email Templates The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. | 8.8 |
| 2023-05-30 | CVE-2022-47028 | Injection vulnerability in Actionlauncher Action Launcher 50.5 An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | 5.5 |
| 2023-05-30 | CVE-2023-2980 | Injection vulnerability in Abstrium Pydio Cells 4.2.0 A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. | 8.8 |
| 2023-05-30 | CVE-2023-33234 | Injection vulnerability in Apache Airflow Cncf Kubernetes Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability. | 7.2 |
| 2023-05-30 | CVE-2023-26130 | Injection vulnerability in Cpp-Httplib Project Cpp-Httplib Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. | 8.8 |