Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-07 | CVE-2019-25150 | Injection vulnerability in Wpexperts Email Templates The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. | 8.8 |
| 2023-05-30 | CVE-2022-47028 | Injection vulnerability in Actionlauncher Action Launcher 50.5 An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | 5.5 |
| 2023-05-30 | CVE-2023-2980 | Injection vulnerability in Abstrium Pydio Cells 4.2.0 A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. | 8.8 |
| 2023-05-30 | CVE-2023-26130 | Injection vulnerability in Cpp-Httplib Project Cpp-Httplib Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. | 8.8 |
| 2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
| 2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |
| 2023-05-04 | CVE-2023-29827 | Injection vulnerability in EJS 3.1.9 ejs v3.1.9 is vulnerable to server-side template injection. | 9.8 |
| 2023-04-25 | CVE-2022-23721 | Injection vulnerability in Pingidentity Pingid Integration for Windows Login PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 3.3 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |