Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-4360 HIGH

Gym Management System 1.0 - SQL Injection via /view_member.php ID Parameter

CVE-2025-46814 LOW

FastAPI Guard <2.0.0 - HTTP Header Injection

CVE-2025-4359 HIGH

Gym Management System 1.0 - SQL Injection via ID Parameter in /ajax.php

CVE-2025-4358 HIGH

PHPGurukul Company Visitor Management System 2.0 - SQL Injection via admin-profile.php

CVE-2025-4357 MEDIUM

Tenda RX3 16.03.13.11_multi - OS Command Injection via /goform/telnet

CVE-2025-4353 MEDIUM

Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via dictCn1 Parameter

CVE-2025-4352 MEDIUM

Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via custTradeId Parameter

CVE-2025-4350 HIGH

D-Link DIR-600L < 2.07b01 - OS Command Injection via Wake-on-LAN Host Parameter

CVE-2025-4349 HIGH

D-Link DIR-600L < 2.07b01 - Remote Command Injection via formSysCmd host Argument

CVE-2025-4341 MEDIUM

D-Link DIR-880L < 104WWb01 - OS Command Injection via Request Header Handler

CVE-2025-4340 MEDIUM

D-Link DIR-890L and DIR-806A1 < 1.08b03 - OS Command Injection via /htdocs/soap.cgi

CVE-2025-4332 HIGH

PHPGurukul Company Visitor Management System 2.0 - SQL Injection via editid/remark Parameter

CVE-2025-4331 HIGH

Online Student Clearance System 1.0 - SQL Injection via Admin Login Parameters

CVE-2025-4314 HIGH

Advanced Web Store 1.0 - SQL Injection via txtLogin Parameter

CVE-2025-4313 HIGH

Advanced Web Store 1.0 - SQL Injection via txtProdId Parameter

CVE-2025-4312 HIGH

Advanced Web Store 1.0 - SQL Injection via prodid Parameter in productdetail.php

CVE-2025-4311 HIGH

itsourcecode Content Management System 1.0 - SQL Injection via stopic_id Parameter

CVE-2025-4309 HIGH

PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter

CVE-2025-4308 HIGH

PHPGurukul Art Gallery Management System 1.1 - SQL Injection via arttype Parameter in add-art-type.php

CVE-2025-4307 HIGH

PHPGurukul Art Gallery Management System 1.1 - SQL Injection via /admin/add-art-medium.php artmed Parameter

CVE-2025-4306 HIGH

PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via mobilenumber Parameter

CVE-2025-4304 HIGH

PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via mobilenumber Parameter

CVE-2025-4303 HIGH

PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via empid Parameter

CVE-2025-4301 HIGH

itsourcecode Content Management System 1.0 - SQL Injection via searchdata Parameter in search-notice.php

CVE-2025-4300 HIGH

itsourcecode Content Management System 1.0 - SQL Injection via Search Parameter in search_list.php

Previous Page 118 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy