Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 |
| 2023-08-15 | CVE-2023-39661 | Injection vulnerability in Gabrieleventuri Pandasai An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | 9.8 |
| 2023-08-15 | CVE-2023-39662 | Injection vulnerability in Llamaindex Project Llamaindex An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | 9.8 |
| 2023-08-11 | CVE-2020-28848 | Injection vulnerability in Churchcrm 4.2.0 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | 8.8 |
| 2023-08-10 | CVE-2023-31209 | Injection vulnerability in Tribe29 Checkmk Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 |
| 2023-08-09 | CVE-2023-33241 | Injection vulnerability in multiple products Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. | 9.1 |
| 2023-08-09 | CVE-2023-33242 | Injection vulnerability in Lindell17 Project Lindell17 Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | 8.1 |
| 2023-08-08 | CVE-2023-39213 | Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | 9.8 |
| 2023-08-04 | CVE-2023-4157 | Injection vulnerability in Omeka S CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3. | 4.8 |
| 2023-08-01 | CVE-2023-36210 | Injection vulnerability in Motocms 3.4.3 MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | 9.8 |