Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,792 vulnerabilities with CWE-74

CVE-2026-12223 MEDIUM

Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

CVE-2026-12219 MEDIUM

Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

CVE-2026-12206 MEDIUM

Grit42 Grit data_table_entity.rb DataTableEntity sql injection

CVE-2026-12197 HIGH

Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

CVE-2026-12188 MEDIUM

Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

CVE-2026-12187 HIGH

GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

CVE-2026-12186 HIGH

GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

CVE-2026-12175 MEDIUM

CodeAstro Student Attendance Management System createStudents.php sql injection

CVE-2026-54231 MEDIUM

Abrt: unsanitized systemd journal content written to dump directory files enables content injection

CVE-2026-12131 MEDIUM

CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection

CVE-2026-47162 HIGH

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

CVE-2026-11859 LOW

Thinkst Applied Research Canarytokens - HTML Injection in the Canarytoken Links Email

CVE-2026-46546 LOW

Frappe LMS: HTML injection in user-controlled metadata

CVE-2026-47634 HIGH

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2026-42835 HIGH

Microsoft Teams for Android Information Disclosure Vulnerability

CVE-2026-8795 HIGH

Rapid7 Velociraptor < 0.76.6 - Improper Encoding or Escaping of Output

CVE-2026-11585 MEDIUM

CodeAstro Student Attendance Management System createClassArms.php sql injection

CVE-2026-11584 MEDIUM

CodeAstro Student Attendance Management System createClass.php edit sql injection

CVE-2026-11583 MEDIUM

CodeAstro Student Attendance Management System createClass.php sql injection

CVE-2026-11582 HIGH

CodeAstro Student Attendance Management System index.php sql injection

CVE-2026-11559 MEDIUM

CodeAstro Payroll System view_account.php sql injection

CVE-2026-11558 MEDIUM

CodeAstro Payroll System home_salary.php sql injection

CVE-2026-11531 HIGH

imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection

CVE-2026-11530 HIGH

imvks786 student_management_system Login index.ph sql injection

CVE-2026-11529 MEDIUM

designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection

Page 1 of 192 Next

Details

Vulnerabilities 4,792

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy