Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2023-09-12 | CVE-2023-26142 | Injection vulnerability in Crowcpp Crow 1.0+5 | All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. | network | low complexity | crowcpp | CWE-74 | 6.1 |
| 2023-09-01 | CVE-2023-1523 | Injection vulnerability in Canonical Snapd | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. | network | low complexity | canonical | CWE-74 | critical 10.0 |
| 2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server | Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | network | low complexity | mattermost | CWE-74 | 8.2 |
| 2023-08-21 | CVE-2023-4450 | Injection vulnerability in Jeecg Jimureport | A vulnerability was found in jeecgboot JimuReport up to 1.6.0. | network | low complexity | jeecg | CWE-74 | critical 9.8 |
| 2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System | TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | network | low complexity | terra-master | CWE-74 | critical 9.8 |
| 2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | network | low complexity | langchain | CWE-74 | critical 9.8 |
| 2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | network | low complexity | langchain | CWE-74 | critical 9.8 |
| 2023-08-15 | CVE-2023-39661 | Injection vulnerability in Gabrieleventuri Pandasai | An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | network | low complexity | gabrieleventuri | CWE-74 | critical 9.8 |
| 2023-08-15 | CVE-2023-39662 | Injection vulnerability in Llamaindex Project Llamaindex | An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in the PandasQueryEngine function. | network | low complexity | llamaindex-project | CWE-74 | critical 9.8 |
| 2023-08-11 | CVE-2020-28848 | Injection vulnerability in Churchcrm 4.2.0 | CSV Injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via a crafted CSV file. | network | low complexity | churchcrm | CWE-74 | 8.8 |