Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-19 | CVE-2023-29521 | Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-04-19 | CVE-2023-29522 | Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-04-19 | CVE-2023-29526 | Injection vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-04-14 | CVE-2023-29383 | Injection vulnerability in Shadow Project Shadow 4.13: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). | 3.3 |
2023-04-10 | CVE-2023-26919 | Injection vulnerability in Javadelight Nashorn Sandbox 0.2.4/0.2.5: delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. | 7.2 |
2023-04-05 | CVE-2023-29389 | Injection vulnerability in Toyota Rav4 Firmware 2021: Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022. | 6.8 |
2023-04-05 | CVE-2023-29374 | Injection vulnerability in Langchain: In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | 9.8 |
2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products: A vulnerability in input validation that exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
2023-03-28 | CVE-2023-28637 | Injection vulnerability in Dataease: DataEase is an open source data visualization analysis tool. | 8.8 |
2023-03-16 | CVE-2023-27040 | Injection vulnerability in Simple Image Gallery web APP Project Simple Image Gallery web APP 1.0: Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. | 9.8 |