CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,516 vulnerabilities with CWE-74
CVE-2026-7595 MEDIUM
nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection
CVSS 6.3
CVE-2026-7592 HIGH
itsourcecode Courier Management System edit_staff.php sql injection
CVSS 7.3
CVE-2026-7591 MEDIUM
TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection
CVSS 6.3
CVE-2026-7580 MEDIUM
Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection
CVSS 5.3
CVE-2026-7555 HIGH
itsourcecode Electronic Judging System login.php sql injection
CVSS 7.3
CVE-2026-7553 MEDIUM
code-projects Gym Management System edit_exercises.php sql injection
CVSS 4.7
CVE-2026-7550 HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php save_customer sql injection
CVSS 7.3
CVE-2026-7549 HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection
CVSS 7.3
CVE-2026-7548 HIGH
Totolink NR1800X cstecgi.cgi sub_41A68C command injection
CVSS 8.8
CVE-2026-7545 HIGH
SourceCodester Advanced School Management System checkEmail Endpoint commonController.php sql injection
CVSS 7.3
CVE-2026-7508 MEDIUM
Bootstrap CMS Page Creation show.blade.php code injection
CVSS 6.3
CVE-2026-7506 HIGH
SourceCodester Hotel Management System check sql injection
CVSS 7.3
CVE-2026-7469 MEDIUM
Tenda 4G300 DelFil sub_425A28 command injection
CVSS 6.3
CVE-2026-7447 MEDIUM
SourceCodester Pet Grooming Management Software update_customer.php sql injection
CVSS 6.3
CVE-2026-7410 MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection
CVSS 6.3
CVE-2026-7409 MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
CVSS 4.7
CVE-2026-7408 MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
CVSS 4.7
CVE-2026-7407 MEDIUM
SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
CVSS 4.7
CVE-2026-7394 MEDIUM
SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection
CVSS 4.7
CVE-2026-7392 MEDIUM
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
CVSS 6.3
CVE-2026-7391 MEDIUM
SourceCodester Pharmacy Sales and Inventory System ajax.php save_supplier sql injection
CVSS 6.3
CVE-2026-7389 HIGH
EyouCMS common.php GetSortData sql injection
CVSS 7.3
CVE-2026-7388 MEDIUM
EyouCMS Template File FilemanagerLogic.php editFile code injection
CVSS 4.7
CVE-2026-7316 HIGH
eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection
CVSS 7.3
CVE-2026-7293 MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php delete_category sql injection
CVSS 4.7