Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |
| 2024-01-15 | CVE-2023-42135 | Injection vulnerability in Paxtechnology Paydroid PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. | 6.8 |
| 2024-01-15 | CVE-2023-42136 | Injection vulnerability in Paxtechnology Paydroid PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 |
| 2024-01-15 | CVE-2023-4818 | Injection vulnerability in Paxtechnology Paydroid 7.1.2Aquarius11.1.5020230614 PAX A920 device allows to downgrade bootloader due to a bug in its version check. | 7.6 |
| 2024-01-15 | CVE-2024-0552 | Injection vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw Intumit inc. | 9.8 |
| 2024-01-12 | CVE-2023-31025 | Injection vulnerability in Nvidia DGX A100 Firmware 00.19.07 NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. | 7.5 |
| 2024-01-08 | CVE-2023-29050 | Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6/8.16 The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. | 9.6 |
| 2024-01-03 | CVE-2023-6004 | Injection vulnerability in multiple products A flaw was found in libssh. | 4.8 |
| 2024-01-03 | CVE-2023-50093 | Injection vulnerability in Apiida API Gateway Manager 2023.02.02 APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | 6.1 |
| 2024-01-03 | CVE-2023-39655 | Injection vulnerability in Perfood Couchauth A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. | 9.6 |