Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-04 CVE-2024-6331 Injection vulnerability in Stitionai Devika
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection.
network
low complexity
stitionai CWE-74
6.5
2024-07-25 CVE-2024-40324 Injection vulnerability in Datex-Soft E-Staff 5.1
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
network
low complexity
datex-soft CWE-74
5.4
2024-07-24 CVE-2024-0231 Injection vulnerability in Gitlab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
network
low complexity
gitlab CWE-74
2.7
2024-07-01 CVE-2024-38366 Injection vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager.
network
low complexity
cocoapods CWE-74
critical
10.0
2024-07-01 CVE-2024-36420 Injection vulnerability in Flowiseai Flowise 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow.
network
low complexity
flowiseai CWE-74
7.5
2024-06-28 CVE-2024-39704 Injection vulnerability in Unknown-Corp Melty Blood Actress Again Current Code
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev.
network
low complexity
unknown-corp CWE-74
critical
9.8
2024-06-05 CVE-2024-5184 Injection vulnerability in Emailgpt
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic.
network
low complexity
emailgpt CWE-74
critical
9.1
2024-03-11 CVE-2024-0044 Injection vulnerability in Google Android
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation.
local
low complexity
google CWE-74
6.7
2024-03-08 CVE-2024-23268 Injection vulnerability in Apple Macos
An injection issue was addressed with improved input validation.
local
low complexity
apple CWE-74
7.8
2024-03-08 CVE-2024-23274 Injection vulnerability in Apple Macos
An injection issue was addressed with improved input validation.
local
low complexity
apple CWE-74
7.8