Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-45540 Injection vulnerability in Jorani Leave Management System 1.0.3
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.
network
low complexity
jorani CWE-74
6.5
2023-10-11 CVE-2023-43661 Injection vulnerability in All-Three Cachet
Cachet, the open-source status page system.
network
low complexity
all-three CWE-74
8.8
2023-10-06 CVE-2023-45303 Injection vulnerability in Thingsboard
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
network
low complexity
thingsboard CWE-74
8.8
2023-10-05 CVE-2022-4145 Injection vulnerability in Redhat Openshift Container Platform 4.0
A content spoofing flaw was found in OpenShift's OAuth endpoint.
network
low complexity
redhat CWE-74
5.3
2023-10-02 CVE-2023-43835 Injection vulnerability in Superstorefinder Super Store Finder
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
network
low complexity
superstorefinder CWE-74
8.8
2023-10-02 CVE-2023-41580 Injection vulnerability in PHPipam
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php.
network
low complexity
phpipam CWE-74
7.5
2023-09-29 CVE-2023-44270 Injection vulnerability in Postcss
An issue was discovered in PostCSS before 8.4.31.
network
low complexity
postcss CWE-74
5.3
2023-09-29 CVE-2023-26148 Injection vulnerability in Ithewei Libhv
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers.
network
low complexity
ithewei CWE-74
5.3
2023-09-19 CVE-2023-41834 Injection vulnerability in Apache Flink Stateful Functions 3.1.0/3.1.1/3.2.0
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser.
network
low complexity
apache CWE-74
6.1
2023-09-14 CVE-2023-36250 Injection vulnerability in Gnome Gnome-Time Tracker 3.0.2
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
local
low complexity
gnome CWE-74
7.8