Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-30 | CVE-2023-26130 | Injection vulnerability in Cpp-Httplib Project Cpp-Httplib Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. | 8.8 |
| 2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
| 2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |
| 2023-05-04 | CVE-2023-29827 | Injection vulnerability in EJS 3.1.9 ejs v3.1.9 is vulnerable to server-side template injection. | 9.8 |
| 2023-04-25 | CVE-2022-23721 | Injection vulnerability in Pingidentity Pingid Integration for Windows Login PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 3.3 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-29521 | Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-04-19 | CVE-2023-29526 | Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-04-14 | CVE-2023-29383 | Injection vulnerability in Shadow Project Shadow 4.13 In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). | 3.3 |
| 2023-04-10 | CVE-2023-26919 | Injection vulnerability in Javadelight Nashorn Sandbox 0.2.4/0.2.5 delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. | 7.2 |