Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-16 | CVE-2023-45540 | Injection vulnerability in Jorani Leave Management System 1.0.3 An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. | 6.5 |
| 2023-10-11 | CVE-2023-43661 | Injection vulnerability in All-Three Cachet Cachet, the open-source status page system. | 8.8 |
| 2023-10-06 | CVE-2023-45303 | Injection vulnerability in Thingsboard ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 |
| 2023-10-05 | CVE-2022-4145 | Injection vulnerability in Redhat Openshift Container Platform 4.0 A content spoofing flaw was found in OpenShift's OAuth endpoint. | 5.3 |
| 2023-10-02 | CVE-2023-43835 | Injection vulnerability in Superstorefinder Super Store Finder Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | 8.8 |
| 2023-10-02 | CVE-2023-41580 | Injection vulnerability in PHPipam Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. | 7.5 |
| 2023-09-29 | CVE-2023-44270 | Injection vulnerability in Postcss An issue was discovered in PostCSS before 8.4.31. | 5.3 |
| 2023-09-29 | CVE-2023-43655 | Injection vulnerability in multiple products Composer is a dependency manager for PHP. | 8.8 |
| 2023-09-29 | CVE-2023-3922 | Injection vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. | 7.1 |
| 2023-09-29 | CVE-2023-26148 | Injection vulnerability in Ithewei Libhv All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. | 5.3 |