Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-07-28 CVE-2023-38609 Injection vulnerability in Apple macOS 13.0/13.0.1/13.1
An injection issue was addressed with improved input validation.
network
low complexity
apple CWE-74
7.5
2023-07-24 CVE-2023-38060 Injection vulnerability in OTRS
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
network
low complexity
otrs CWE-74
8.8
2023-07-20 CVE-2020-24275 Injection vulnerability in Swoole 4.5.2
An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.
network
low complexity
swoole CWE-74
6.5
2023-07-14 CVE-2023-37473 Injection vulnerability in Zenstruck Collection 0.2.1
zenstruck/collections is a set of helpers for iterating/paginating/filtering collections.
network
low complexity
zenstruck CWE-74
8.8
2023-07-13 CVE-2023-3444 Injection vulnerability in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.
network
low complexity
gitlab CWE-74
6.5
2023-07-06 CVE-2023-36830 Injection vulnerability in SQLFluff
SQLFluff is a SQL linter.
local
low complexity
sqlfluff CWE-74
7.8
2023-07-06 CVE-2023-36188 Injection vulnerability in LangChain 0.0.64
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
network
low complexity
langchain CWE-74
critical
9.8
2023-07-06 CVE-2023-26138 Injection vulnerability in Drogon
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function.
network
low complexity
drogon CWE-74
4.3
2023-06-30 CVE-2023-36812 Injection vulnerability in OpenTSDB
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB).
network
low complexity
opentsdb CWE-74
critical
9.8
2023-06-30 CVE-2023-37360 Injection vulnerability in Pacparser Project Pacparser
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
network
low complexity
pacparser-project CWE-74
6.1