CVE-2024-39766

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-1336
View all →

Vulnerability Description

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Related Vulnerabilities

CVE-2022-0896

HIGH
CVSS:7.1(High)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

CWE-13362022

CVE-2024-34710

HIGH
CVSS:7.1(High)

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute...

CWE-13362024

CVE-2021-39128

HIGH
CVSS:7.2(High)

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-sid...

CWE-13362021

CVE-2023-29297

HIGH
CVSS:7.2(High)

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability tha...

CWE-13362023

CVE-2023-46245

HIGH
CVSS:7.2(High)

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The ...

CWE-13362023

CVE-2024-25624

MEDIUM
CVSS:6.8(Medium)

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web...

CWE-13362024