Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-48199 | Injection vulnerability in Grocy Project Grocy 4.0.3 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. | 7.8 |
| 2023-11-14 | CVE-2023-44373 | Injection vulnerability in Siemens products Affected devices do not properly sanitize an input field. | 9.1 |
| 2023-11-05 | CVE-2017-20187 | Injection vulnerability in Floriangaerber Magnesium-PHP ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. | 9.8 |
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-01 | CVE-2023-4197 | Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 8.8 |
| 2023-10-30 | CVE-2023-4393 | Injection vulnerability in Liquidfiles HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | 6.1 |
| 2023-10-28 | CVE-2023-46468 | Injection vulnerability in Juzaweb CMS An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 7.8 |
| 2023-10-25 | CVE-2023-5043 | Injection vulnerability in Kubernetes Ingress-Nginx Ingress nginx annotation injection causes arbitrary command execution. | 8.8 |
| 2023-10-20 | CVE-2023-32786 | Injection vulnerability in Langchain In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 |
| 2023-10-19 | CVE-2022-47583 | Injection vulnerability in Mintty Project Mintty Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 |