Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-19 | CVE-2023-41834 | Injection vulnerability in Apache Flink Stateful Functions 3.1.0/3.1.1/3.2.0 Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. | 6.1 |
| 2023-09-14 | CVE-2023-36250 | Injection vulnerability in Gnome Gnome-Time Tracker 3.0.2 CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. | 7.8 |
| 2023-09-12 | CVE-2023-26142 | Injection vulnerability in Crowcpp Crow 1.0+5 All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. | 6.1 |
| 2023-09-01 | CVE-2023-1523 | Injection vulnerability in Canonical Snapd Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. | 10.0 |
| 2023-08-30 | CVE-2023-41039 | Injection vulnerability in Zope Restrictedpython RestrictedPython is a restricted execution environment for Python to run untrusted code. | 7.7 |
| 2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 8.2 |
| 2023-08-23 | CVE-2023-40035 | Injection vulnerability in Craftcms Craft CMS Craft is a CMS for creating custom digital experiences on the web and beyond. | 7.2 |
| 2023-08-21 | CVE-2023-4450 | Injection vulnerability in Jeecg Jimureport A vulnerability was found in jeecgboot JimuReport up to 1.6.0. | 9.8 |
| 2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |
| 2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | 9.8 |