Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-26142 | Injection vulnerability in Crowcpp Crow 1.0+5 All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. | 6.1 |
2023-09-01 | CVE-2023-1523 | Injection vulnerability in Canonical Snapd Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. | 10.0 |
2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 8.2 |
2023-08-21 | CVE-2023-4450 | Injection vulnerability in Jeecg Jimureport A vulnerability was found in jeecgboot JimuReport up to 1.6.0. | 9.8 |
2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |
2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | 9.8 |
2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 |
2023-08-15 | CVE-2023-39661 | Injection vulnerability in Gabrieleventuri Pandasai An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | 9.8 |
2023-08-15 | CVE-2023-39662 | Injection vulnerability in Llamaindex Project Llamaindex An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | 9.8 |
2023-08-11 | CVE-2020-28848 | Injection vulnerability in Churchcrm 4.2.0 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | 8.8 |