Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-01 | CVE-2023-4197 | Injection vulnerability in Dolibarr Erp/Crm: Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 8.8 |
2023-10-30 | CVE-2023-4393 | Injection vulnerability in Liquidfiles: HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below allow an attacker to perform more advanced phishing attacks against an organization. | 6.1 |
2023-10-28 | CVE-2023-46468 | Injection vulnerability in Juzaweb CMS: An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 7.8 |
2023-10-25 | CVE-2023-5043 | Injection vulnerability in Kubernetes Ingress-Nginx: Ingress nginx annotation injection causes arbitrary command execution. | 8.8 |
2023-10-20 | CVE-2023-32786 | Injection vulnerability in Langchain: In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 |
2023-10-19 | CVE-2022-47583 | Injection vulnerability in Mintty Project Mintty: Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 |
2023-10-16 | CVE-2023-45540 | Injection vulnerability in Jorani Leave Management System 1.0.3: An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. | 6.5 |
2023-10-16 | CVE-2023-43667 | Injection vulnerability in Apache Inlong: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0. The attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628 | 7.5 |
2023-10-11 | CVE-2023-43661 | Injection vulnerability in All-Three Cachet: Cachet, the open-source status page system. | 8.8 |
2023-10-06 | CVE-2023-45303 | Injection vulnerability in Thingsboard: ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 |