Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-03-08 CVE-2024-23280 Injection vulnerability in multiple products
An injection issue was addressed with improved validation.
network
low complexity
apple fedoraproject wpewebkit webkitgtk CWE-74
6.5
2024-02-01 CVE-2023-51939 Injection vulnerability in Relic Project Relic 0.6.0
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.
network
low complexity
relic-project CWE-74
8.8
2024-01-30 CVE-2023-36260 Injection vulnerability in Craftcms Craft CMS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS.
network
low complexity
craftcms CWE-74
7.5
2024-01-16 CVE-2021-4227 Injection vulnerability in OBG ARK Wysiwyg Comment Editor 2.15.6
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode comments when in Source editor, allowing attackers to inject an iframe in the page and thus load arbitrary content from any page into the comment section.
network
low complexity
obg CWE-74
5.3
2024-01-16 CVE-2023-22527 Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance.
network
low complexity
atlassian CWE-74
critical
9.8
2024-01-15 CVE-2023-42135 Injection vulnerability in Paxtechnology Paydroid
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition.
low complexity
paxtechnology CWE-74
6.8
2024-01-15 CVE-2023-42136 Injection vulnerability in Paxtechnology Paydroid
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.
local
low complexity
paxtechnology CWE-74
7.8
2024-01-15 CVE-2023-4818 Injection vulnerability in Paxtechnology Paydroid 7.1.2Aquarius11.1.5020230614
The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check.
low complexity
paxtechnology CWE-74
7.6
2024-01-15 CVE-2024-0552 Injection vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw
Intumit inc.
network
low complexity
intumit CWE-74
critical
9.8
2024-01-12 CVE-2023-31025 Injection vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.
network
low complexity
nvidia CWE-74
7.5