Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-707

CWE-707

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

240 vulnerabilities with CWE-707

CVE-2026-7045 MEDIUM

baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection

CVE-2026-6994 MEDIUM

Envoy Query Parameter header_mutation.cc params.add injection

CVE-2026-6599 MEDIUM

langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection

CVE-2026-5561 MEDIUM

Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection

CVE-2026-5002 HIGH

PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection

CVE-2026-4516 MEDIUM

Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

CVE-2026-4511 MEDIUM

vanna-ai vanna legacy exec injection

CVE-2026-4500 MEDIUM

bagofwords1 bagofwords code_execution.py generate_df injection

CVE-2026-3992 MEDIUM

CodeGenieApp serverless-express <4.17.1 - Code Injection

CVE-2026-3813 MEDIUM

opencc JFlow - Code Injection

CVE-2026-2954 MEDIUM

Dromara UJCMS 10.0.2 - Code Injection

CVE-2025-14674 MEDIUM

aizuda snail-job <1.6.0 - Code Injection

CVE-2025-66545 LOW

Nextcloud <14.0.11, <15.3.12, <16.0.15, <17.0.14, <18.1.8, <19.1.8,...

CVE-2025-13268 MEDIUM

Dromara dataCompare <1.0.1 - SQL Injection

CVE-2025-27712 MEDIUM

Intel(R) Neural Compressor <v3.4 - Privilege Escalation

CVE-2025-11445 MEDIUM

Kilo Code <4.86.0 - Code Injection

CVE-2025-9797 LOW

mrvautin expressCart <b31302f4e99c3293bd742c6d076a721e168118b0 - Co...

CVE-2025-24921 MEDIUM

Intel(R) Tiber(TM) Edge Platform <24.11.1 - Info Disclosure

CVE-2025-3805 MEDIUM

sarrionandia tournatrack - Code Injection

CVE-2025-3804 MEDIUM

thautwarm vscode-diana 0.0.1 - Code Injection

CVE-2025-26633 HIGH KEV

Microsoft Management Console - Auth Bypass

CVE-2025-1611 MEDIUM

ShopXO <6.4.0 - Code Injection

CVE-2025-0697 MEDIUM

Telstra Smart Modem Gen 2 <20250115 - Code Injection

CVE-2024-10915 HIGH

Dlink Dns-320 Firmware - Command Injection

CVE-2024-10914 HIGH

Dlink Dns-320 Firmware - Command Injection

Page 1 of 10 Next

Details

Vulnerabilities 240

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy