CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,812 vulnerabilities with CWE-74
CVE-2023-28016
LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Host Header Injection
CVSS 3.1
CVE-2023-35810
HIGH
SugarCRM 11.0.0-11.0.5 12.0.0-12.0.2 - Authenticated PHP Object Injection via DocuSign Module
CVSS 7.2
CVE-2023-2797
LOW
Mattermost 7.1.0-7.1.8 - Unauthenticated Private Repository Code Exposure via Crafted Permalink
CVSS 3.1
CVE-2023-28599
MEDIUM
Zoom < 5.13.10 - HTML Injection via Display Name
CVSS 4.3
CVE-2023-28598
HIGH
Zoom < 5.13.10 - HTML Injection via Chat
CVSS 7.5
CVE-2023-29405
CRITICAL
Go < 1.19.10 - Injection
CVSS 9.8
CVE-2023-2980
MEDIUM
Abstrium Pydio Cells <4.2.0 - Info Disclosure
CVSS 6.3
CVE-2023-33234
HIGH
Apache Airflow CNCF Kubernetes Provider <5.0.0 - RCE
CVSS 7.2
CVE-2023-26130
HIGH
yhirose/cpp-httplib < 0.12.4 - CRLF Injection
CVSS 7.5
CVE-2023-32679
HIGH
Craft CMS 4.0.0-4.4.5 - Authenticated Remote Code Execution via Unrestricted File Extension in Template Resolution
CVSS 7.2
CVE-2023-32314
CRITICAL
Vm2 < 3.9.18 - Injection
CVSS 9.8
CVE-2023-32313
MEDIUM
Vm2 < 3.9.18 - Injection
CVSS 5.3
CVE-2023-29400
HIGH
Go Templates - Cross-Site Scripting via Unquoted HTML Attributes
CVSS 7.3
CVE-2023-24539
HIGH
CSS - Code Injection
CVSS 7.3
CVE-2023-29827
CRITICAL
ejs 3.1.9 - Server-Side Template Injection via closeDelimiter Parameter
CVSS 9.8
CVE-2023-30609
MEDIUM
matrix-react-sdk < 3.71.0 - HTML Injection in Search Results
CVSS 5.4
CVE-2023-29007
HIGH
Git <2.30.9-2.40.1 - Code Injection
CVSS 7.0
CVE-2023-22621
HIGH
Strapi < 4.5.6 - Authenticated Server-Side Template Injection via Email Template
CVSS 7.2
CVE-2023-29527
CRITICAL
XWiki 7.4.4-14.10.2 - Unauthenticated Remote Code Execution via Groovy Script Injection
CVSS 9.9
CVE-2023-29526
CRITICAL
XWiki Platform 10.11.1-13.10.11 - Remote Code Execution via Async and Display Macros
CVSS 9.9
CVE-2023-29525
CRITICAL
XWiki < 14.4.8, 12.6.1-13.10.11, 14.6-rc-1-14.10.3 - Code Injection via LegacyNotificationAdministration since Parameter
CVSS 9.9
CVE-2023-29524
CRITICAL
XWiki < 14.10.3 - Authenticated Remote Code Execution via Scheduler Job Script Injection
CVSS 9.9
CVE-2023-29523
CRITICAL
XWiki < 13.10.11 - Authenticated Remote Code Execution via Script Macro Injection
CVSS 9.9
CVE-2023-29522
CRITICAL
XWiki < 14.4.8 - Remote Code Execution via Crafted Page Name
CVSS 9.9
CVE-2023-29521
HIGH
XWiki < 13.10.11 - Authenticated Remote Code Execution via Macro.VFSTreeMacro
CVSS 8.4
Details
Vulnerabilities: 4,812
Exploit Likelihood: High