Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-51939 | Injection vulnerability in Relic Project Relic 0.6.0 An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | 8.8 |
| 2024-01-30 | CVE-2023-36260 | Injection vulnerability in Craftcms Craft CMS An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. | 7.5 |
| 2024-01-29 | CVE-2024-23828 | Injection vulnerability in Nginxui Nginx UI Nginx-UI is a web interface to manage Nginx configurations. | 8.8 |
| 2024-01-24 | CVE-2024-23648 | Injection vulnerability in Pimcore Admin Classic Bundle Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. | 8.8 |
| 2024-01-16 | CVE-2021-4227 | Injection vulnerability in OBG ARK Wysiwyg Comment Editor 2.15.6 The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | 5.3 |
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |
| 2024-01-15 | CVE-2023-42135 | Injection vulnerability in Paxtechnology Paydroid PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. | 6.8 |
| 2024-01-15 | CVE-2023-42136 | Injection vulnerability in Paxtechnology Paydroid PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 |
| 2024-01-15 | CVE-2023-4818 | Injection vulnerability in Paxtechnology Paydroid 7.1.2Aquarius11.1.5020230614 PAX A920 device allows to downgrade bootloader due to a bug in its version check. | 7.6 |
| 2024-01-15 | CVE-2024-0552 | Injection vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw Intumit inc. | 9.8 |