Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-08 | CVE-2024-23274 | Injection vulnerability in Apple Macos An injection issue was addressed with improved input validation. | 7.8 |
| 2024-03-08 | CVE-2024-23280 | Injection vulnerability in multiple products An injection issue was addressed with improved validation. | 6.5 |
| 2024-02-27 | CVE-2024-21742 | Injection vulnerability in Apache James Mime4J Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. | 5.3 |
| 2024-02-22 | CVE-2023-51388 | Injection vulnerability in Apache Hertzbeat Hertzbeat is a real-time monitoring system. | 9.8 |
| 2024-02-22 | CVE-2023-51653 | Injection vulnerability in Apache Hertzbeat Hertzbeat is a real-time monitoring system. | 9.8 |
| 2024-02-01 | CVE-2023-51939 | Injection vulnerability in Relic Project Relic 0.6.0 An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | 8.8 |
| 2024-01-30 | CVE-2023-36260 | Injection vulnerability in Craftcms Craft CMS An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. | 7.5 |
| 2024-01-16 | CVE-2021-4227 | Injection vulnerability in OBG ARK Wysiwyg Comment Editor 2.15.6 The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | 5.3 |
| 2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |
| 2024-01-15 | CVE-2023-42135 | Injection vulnerability in Paxtechnology Paydroid PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. | 6.8 |