Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-19 | CVE-2023-29526 | Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-04-14 | CVE-2023-29383 | Injection vulnerability in Shadow Project Shadow 4.13: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). | 3.3 |
2023-04-10 | CVE-2023-26919 | Injection vulnerability in Javadelight Nashorn Sandbox 0.2.4/0.2.5: delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. | 7.2 |
2023-04-05 | CVE-2023-29389 | Injection vulnerability in Toyota Rav4 Firmware 2021: Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022. | 6.8 |
2023-04-05 | CVE-2023-29374 | Injection vulnerability in Langchain: In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | 9.8 |
2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products: A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol, which may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
2023-03-16 | CVE-2023-27040 | Injection vulnerability in Simple Image Gallery web APP Project Simple Image Gallery web APP 1.0: Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. | 9.8 |
2023-03-08 | CVE-2023-26261 | Injection vulnerability in Ubikasec Waap Cloud and Waap Gateway: In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. | 9.8 |
2023-03-05 | CVE-2023-27635 | Injection vulnerability in Debian Debmany 0.88.1: debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. | 7.8 |
2023-02-27 | CVE-2022-42797 | Injection vulnerability in Apple Xcode: An injection issue was addressed with improved input validation. | 7.8 |