Vulnerabilities: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-74

DATE  CVE  VULNERABILITY TITLE AND DESCRIPTION  RISK (attack vector, attack complexity, vendor, CWE, CVSS score)
2023-02-14  CVE-2023-25141  Injection vulnerability in Apache Sling JCR Base
    Apache Sling JCR Base before 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier), reachable through utility functions in RepositoryAccessor. The exposure depends on both the library version and the JDK in use.
    Risk: network attack vector, low attack complexity | vendor: apache | CWE-74 | CVSS 7.5
2023-02-13  CVE-2023-25719  Injection vulnerability in ConnectWise Control 19.3.25270.7185/22.9.10032
    ConnectWise Control (formerly ScreenConnect) before 22.9.10032 fails to validate user-supplied parameters, for example the h parameter of Bin/ConnectWiseControl.Client.exe.
    Risk: network attack vector, low attack complexity | vendor: connectwise | CWE-74 | CVSS 8.8
2023-02-07  CVE-2022-43756  Injection vulnerability in SUSE Wrangler
    An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher (wrangler) allows remote attackers to cause a denial of service by supplying specially crafted git credentials.
    Risk: network attack vector, low attack complexity | vendor: suse | CWE-74 | CVSS 7.5
2023-01-26  CVE-2023-0493  Injection vulnerability in BTCPay Server
    Improper Neutralization of Equivalent Special Elements in the GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
    Risk: network attack vector, low attack complexity | vendor: btcpayserver | CWE-74 | CVSS 8.8
2023-01-26  CVE-2022-47052  Injection vulnerability in Netgear AC1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1
    The web interface of the Nighthawk R6220 AC1200 Smart Wi-Fi Router is vulnerable to a CRLF injection attack that can be leveraged to perform reflected XSS and HTML injection.
    Risk: network attack vector, low attack complexity | vendor: netgear | CWE-74 | CVSS 6.1
2023-01-26  CVE-2023-0476  Injection vulnerability in Tenable Tenable.sc
    An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
    Risk: network attack vector, low attack complexity | vendor: tenable | CWE-74 | CVSS 6.5
2023-01-21  CVE-2023-24040  Injection vulnerability in Open Group Common Desktop Environment 1.6
    dtprintinfo in Common Desktop Environment 1.6 has a bug in its parser for the output of lpstat (an external command it invokes) when listing the names of available printers.
    Risk: local attack vector, low attack complexity | vendor: opengroup | CWE-74 | CVSS 7.1
2023-01-20  CVE-2022-3918  Injection vulnerability in Apple Swift Foundation
    A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers.
    Risk: network attack vector, low attack complexity | vendor: apple | CWE-74 | CVSS 8.8
2023-01-20  CVE-2021-37499  Injection vulnerability in Reprise Software Reprise License Manager
    A CRLF injection vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License Result function, allows remote attackers to inject arbitrary HTTP headers.
    Risk: network attack vector, low attack complexity | vendor: reprisesoftware | CWE-74 | CVSS 6.5
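The Netgear, Swift Foundation and RLM entries are the same bug class: a CR or LF copied from user input into an HTTP header field terminates that field and lets the attacker append headers or, with a blank line, a body. The following added example (not code from any of those projects) serializes an HTTP message the vulnerable way and the hardened way, then parses the result the way a browser or proxy would, so the injected cookie and body are visible. The function names and the sample redirect payload are assumptions constructed for the example; the same value check belongs on the client side before a user-controlled string reaches a request header field such as a URLRequest header.

```python
import re

# Added example: CRLF injection into HTTP header fields, unsafe vs. checked.
# Names and the payload below are illustrative assumptions.

# A header value may not contain CR, LF or NUL, and a header name must be an
# RFC 9110 token. Either violation lets input break out of its field.
_BAD_VALUE = re.compile(r"[\r\n\x00]")
_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def serialize_unsafe(start_line: str, headers: list) -> bytes:
    """Vulnerable: field values go into the wire format unchecked."""
    lines = [start_line] + ["%s: %s" % (name, value) for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def check_header(name: str, value: str) -> tuple:
    """Reject any name or value that could smuggle in a new line or field."""
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid header name: %r" % name)
    if _BAD_VALUE.search(value):
        raise ValueError("CR, LF or NUL in header value for %s" % name)
    return name, value


def serialize_safe(start_line: str, headers: list) -> bytes:
    """Hardened: every field is validated before serialization."""
    return serialize_unsafe(start_line, [check_header(n, v) for n, v in headers])


def parse_message(raw: bytes) -> tuple:
    """Split a serialized message into (start line, [(name, value)], body).

    Mirrors how a browser or proxy reads the bytes, which is what makes the
    injected fields and body real to the downstream consumer.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    fields = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return lines[0], fields, body


# Constructed attacker input for a redirect target: ends the Location header,
# adds a Set-Cookie header, then a blank line and an HTML body.
PAYLOAD = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<script>alert(1)</script>"


def redirect_unsafe(target: str) -> tuple:
    """Build a 302 response with the unchecked serializer and parse it back."""
    raw = serialize_unsafe("HTTP/1.1 302 Found",
                           [("Location", target), ("Content-Length", "0")])
    return parse_message(raw)


def redirect_safe_rejects(target: str) -> bool:
    """True if the hardened serializer refuses the value."""
    try:
        serialize_safe("HTTP/1.1 302 Found",
                       [("Location", target), ("Content-Length", "0")])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    status, fields, body = redirect_unsafe(PAYLOAD)
    print(status, fields, body)            # a Set-Cookie field and a body the app never sent
    print(redirect_safe_rejects(PAYLOAD))  # True
```

With the unchecked serializer the application's own Content-Length header ends up inside the attacker-supplied body, which is exactly the reflected XSS and HTML injection outcome the Netgear entry describes. Rejecting the value (rather than stripping the CR and LF silently) is the safer choice, because a stripped value may still not be the redirect target the application intended.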
2023-01-20  CVE-2023-20057  Injection vulnerability in Cisco AsyncOS
    A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs.
    Risk: network attack vector, low attack complexity | vendor: cisco | CWE-74 | CVSS 5.3