Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-49214 | Injection vulnerability in Usedesk Usedesk before 1.7.57 allows chat template injection. | 9.8 |
| 2023-11-20 | CVE-2023-5340 | Injection vulnerability in Fivestarplugins Five Star Restaurant Menu The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. | 9.8 |
| 2023-11-20 | CVE-2022-46337 | Injection vulnerability in Apache Derby A cleverly devised username might bypass LDAP authentication checks. | 9.8 |
| 2023-11-16 | CVE-2023-6174 | Injection vulnerability in multiple products SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file | 6.5 |
| 2023-11-15 | CVE-2023-48199 | Injection vulnerability in Grocy Project Grocy 4.0.3 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. | 7.8 |
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-01 | CVE-2023-4197 | Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 8.8 |
| 2023-10-30 | CVE-2023-4393 | Injection vulnerability in Liquidfiles HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | 6.1 |
| 2023-10-28 | CVE-2023-46468 | Injection vulnerability in Juzaweb CMS An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 7.8 |
| 2023-10-25 | CVE-2023-5043 | Injection vulnerability in Kubernetes Ingress-Nginx Ingress nginx annotation injection causes arbitrary command execution. | 8.8 |