Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2022-46337 Injection vulnerability in Apache Derby
A cleverly devised username might bypass LDAP authentication checks.
network
low complexity
apache CWE-74
critical
9.8
2023-11-16 CVE-2023-6174 Injection vulnerability in multiple products
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-74
6.5
2023-11-15 CVE-2023-48199 Injection vulnerability in Grocy Project Grocy 4.0.3
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution.
local
low complexity
grocy-project CWE-74
7.8
2023-11-03 CVE-2023-4767 Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0.
network
low complexity
zohocorp CWE-74
6.1
2023-11-01 CVE-2023-4197 Injection vulnerability in Dolibarr Erp/Crm
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
network
low complexity
dolibarr CWE-74
8.8
2023-10-30 CVE-2023-4393 Injection vulnerability in Liquidfiles
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.
network
low complexity
liquidfiles CWE-74
6.1
2023-10-28 CVE-2023-46468 Injection vulnerability in Juzaweb CMS
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.
local
low complexity
juzaweb CWE-74
7.8
2023-10-25 CVE-2023-5043 Injection vulnerability in Kubernetes Ingress-Nginx
Ingress nginx annotation injection causes arbitrary command execution.
network
low complexity
kubernetes CWE-74
8.8
2023-10-20 CVE-2023-32786 Injection vulnerability in Langchain
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
network
low complexity
langchain CWE-74
7.5
2023-10-19 CVE-2022-47583 Injection vulnerability in Mintty Project Mintty
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
network
low complexity
mintty-project CWE-74
critical
9.8