Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2023-29050 Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6/8.16
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy.
network
low complexity
open-xchange CWE-74
critical
9.6
2024-01-03 CVE-2023-6004 Injection vulnerability in multiple products
A flaw was found in libssh.
local
low complexity
libssh redhat fedoraproject CWE-74
4.8
2024-01-03 CVE-2023-50093 Injection vulnerability in Apiida API Gateway Manager 2023.02.02
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
network
low complexity
apiida CWE-74
6.1
2024-01-03 CVE-2023-39655 Injection vulnerability in Perfood Couchauth
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0.
network
low complexity
perfood CWE-74
critical
9.6
2023-12-28 CVE-2023-52081 Injection vulnerability in Ewen-Lbh Firefox CSS 0.1.0/0.1.1/0.1.2
ffcss is a CLI interface to apply and configure Firefox CSS themes.
network
low complexity
ewen-lbh CWE-74
5.3
2023-12-25 CVE-2023-49328 Injection vulnerability in Wolterskluwer B.Point 23.70.00
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module.
network
low complexity
wolterskluwer CWE-74
7.2
2023-12-20 CVE-2023-35895 Injection vulnerability in IBM Informix Jdbc 4.10/4.50
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.
network
low complexity
ibm CWE-74
critical
9.8
2023-12-12 CVE-2023-43364 Injection vulnerability in Arjunsharda Searchor
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
network
low complexity
arjunsharda CWE-74
critical
9.8
2023-12-12 CVE-2023-46456 Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 3.216
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
network
low complexity
gl-inet CWE-74
critical
9.8
2023-12-11 CVE-2023-49964 Injection vulnerability in Hyland Alfresco Content Services 7.2.0
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0.
network
low complexity
hyland CWE-74
8.8