Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-19 | CVE-2023-32679 | Injection vulnerability in Craftcms Craft CMS. Craft CMS is an open source content management system. | 7.2 |
2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO. Angle brackets (`<>`) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO. Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |
2023-05-05 | CVE-2022-45048 | Injection vulnerability in Apache Ranger 2.3.0. Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. | 8.8 |
2023-05-04 | CVE-2023-29827 | Injection vulnerability in EJS 3.1.9. ejs v3.1.9 is vulnerable to server-side template injection. | 9.8 |
2023-05-01 | CVE-2022-45801 | Injection vulnerability in Apache Streampark. Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. | 5.4 |
2023-04-25 | CVE-2023-29007 | Injection vulnerability in multiple products. Git is a revision control system. | 7.8 |
2023-04-25 | CVE-2023-30609 | Injection vulnerability in Matrix-React-Sdk Project Matrix-React-Sdk. matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. | 4.7 |
2023-04-25 | CVE-2022-23721 | Injection vulnerability in Pingidentity Pingid Integration for Windows Login. PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 3.3 |
2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi. Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |