Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-05 | CVE-2022-4145 | Injection vulnerability in Redhat Openshift Container Platform 4.0. A content spoofing flaw was found in OpenShift's OAuth endpoint. | 5.3 |
2023-10-02 | CVE-2023-43835 | Injection vulnerability in Superstorefinder Super Store Finder. Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | 8.8 |
2023-10-02 | CVE-2023-41580 | Injection vulnerability in PHPipam. Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. | 7.5 |
2023-09-29 | CVE-2023-44270 | Injection vulnerability in Postcss. An issue was discovered in PostCSS before 8.4.31. | 5.3 |
2023-09-29 | CVE-2023-43655 | Injection vulnerability in multiple products. Composer is a dependency manager for PHP. | 8.8 |
2023-09-29 | CVE-2023-26148 | Injection vulnerability in Ithewei Libhv. All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. | 5.3 |
2023-09-19 | CVE-2023-41834 | Injection vulnerability in Apache Flink Stateful Functions 3.1.0/3.1.1/3.2.0. Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. | 6.1 |
2023-09-14 | CVE-2023-36250 | Injection vulnerability in Gnome Gnome-Time Tracker 3.0.2. CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. | 7.8 |
2023-09-12 | CVE-2023-26142 | Injection vulnerability in Crowcpp Crow 1.0+5. All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. | 6.1 |
2023-09-01 | CVE-2023-1523 | Injection vulnerability in Canonical Snapd. Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. | 10.0 |