Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-2881 | Injection vulnerability in Wolfssl 5.6.6 Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | 8.8 |
| 2024-08-29 | CVE-2024-1545 | Injection vulnerability in Wolfssl 5.6.6 Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | 8.8 |
| 2024-08-29 | CVE-2024-45302 | Injection vulnerability in Restsharp RestSharp is a Simple REST and HTTP API Client for .NET. | 7.8 |
| 2024-08-23 | CVE-2024-43782 | Injection vulnerability in Openedx Redwood1/Redwood2 This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. | 9.8 |
| 2024-08-14 | CVE-2024-31882 | Injection vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | 6.5 |
| 2024-08-12 | CVE-2024-42489 | Injection vulnerability in Xwiki PRO Macros Pro Macros provides XWiki rendering macros. | 8.8 |
| 2024-08-06 | CVE-2024-39227 | Injection vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. | 9.8 |
| 2024-08-04 | CVE-2024-6331 | Injection vulnerability in Stitionai Devika stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. | 6.5 |
| 2024-07-25 | CVE-2024-40324 | Injection vulnerability in Datex-Soft E-Staff 5.1 A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation. | 5.4 |
| 2024-07-24 | CVE-2024-0231 | Injection vulnerability in Gitlab A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits. | 2.7 |