Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-04 | CVE-2023-4157 | Injection vulnerability in Omeka S: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3. | 4.8 |
2023-08-01 | CVE-2023-36210 | Injection vulnerability in Motocms 3.4.3: MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | 9.8 |
2023-07-28 | CVE-2023-38609 | Injection vulnerability in Apple Macos: An injection issue was addressed with improved input validation. | 7.5 |
2023-07-24 | CVE-2023-38060 | Injection vulnerability in Otrs: Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 8.8 |
2023-07-20 | CVE-2020-24275 | Injection vulnerability in Swoole 4.5.2: An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | 6.5 |
2023-07-17 | CVE-2023-3694 | Injection vulnerability in Sourcecodester House Rental and Property Listing Project House Rental and Property Listing 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. | 9.8 |
2023-07-06 | CVE-2023-36188 | Injection vulnerability in Langchain 0.0.64: An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | 9.8 |
2023-07-06 | CVE-2023-26138 | Injection vulnerability in Drogon: All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. | 4.3 |
2023-06-30 | CVE-2023-37360 | Injection vulnerability in Pacparser Project Pacparser: pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 6.1 |
2023-06-23 | CVE-2023-34203 | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |