Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-08 | CVE-2024-23280 | Injection vulnerability in multiple products An injection issue was addressed with improved validation. | 6.5 |
| 2024-02-27 | CVE-2024-21742 | Injection vulnerability in Apache James Mime4J Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. | 5.3 |
| 2024-02-23 | CVE-2024-1833 | Injection vulnerability in Walterjnr1 Employee Management System 1.0 A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. | 9.8 |
| 2024-02-22 | CVE-2023-51388 | Injection vulnerability in Apache Hertzbeat Hertzbeat is a real-time monitoring system. | 9.8 |
| 2024-02-22 | CVE-2023-51653 | Injection vulnerability in Apache Hertzbeat Hertzbeat is a real-time monitoring system. | 9.8 |
| 2024-02-19 | CVE-2024-25625 | Injection vulnerability in Pimcore Admin Classic Bundle Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. | 9.3 |
| 2024-02-01 | CVE-2023-51939 | Injection vulnerability in Relic Project Relic 0.6.0 An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | 8.8 |
| 2024-01-30 | CVE-2023-36260 | Injection vulnerability in Craftcms Craft CMS An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. | 7.5 |
| 2024-01-16 | CVE-2021-4227 | Injection vulnerability in OBG ARK Wysiwyg Comment Editor 2.15.6 The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | 5.3 |
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |