Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-3804 MEDIUM

thautwarm vscode-diana 0.0.1 - Code Injection

CVE-2025-3800 HIGH

WCMS 11 - SQL Injection via AnonymousController.php mobile_phone Parameter

CVE-2025-3799 HIGH

WCMS 11 - SQL Injection via AnonymousController.php Email/Username Parameter

CVE-2025-3797 MEDIUM

SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_topic.php

CVE-2025-3796 MEDIUM

PHPGurukul Men Salon Management System 1.0 - SQL Injection

CVE-2025-3792 MEDIUM

SeaCMS < 13.3 - SQL Injection via e_id Parameter in admin_link.php

CVE-2025-3697 MEDIUM

Web-based Pharmacy Product Management System 1.0 - SQL Injection via /edit-product.php ID Parameter

CVE-2025-3696 MEDIUM

Web-based Pharmacy Product Management System 1.0 - SQL Injection via Name Parameter in search_stock.php

CVE-2025-3694 HIGH

Web-based Pharmacy Product Management System 1.0 - SQL Injection via Login Email Parameter

CVE-2025-3690 HIGH

PHPGurukul Men Salon Management System 1.0 - SQL Injection via Edit Services Cost Parameter

CVE-2025-3689 HIGH

PHPGurukul Men Salon Management System 1.0 - SQL Injection via editid Parameter

CVE-2025-3685 MEDIUM

code-projects Patient Record Management System 1.0 - SQL Injection via ID Parameter in edit_fpatient.php

CVE-2025-3684 MEDIUM

Xianqi Kindergarten Management System 2.0 Bulid 20190808 - SQL Injection via stu_list.php Sex Parameter

CVE-2025-3676 MEDIUM

xxyopen Novel-Plus 3.5.0 - SQL Injection via /api/front/search/books Sort Parameter

CVE-2025-3589 MEDIUM

SourceCodester Music Class Enrollment System 1.0 - SQL Injection via manage_class.php ID Parameter

CVE-2025-3571 MEDIUM

Fannuo Enterprise Content Management System 1.1/4.0 - SQL Injection

CVE-2025-3563 MEDIUM

WuzhiCMS 4.1 - Remote Code Execution via Setting Handler

CVE-2025-3559 MEDIUM

ghostxbh uzy-ssm-mall 1.0.0 - SQL Injection via ForeProductListController orderBy Parameter

CVE-2025-3553 MEDIUM

phpshe 1.8 - SQL Injection via brand_id[] Parameter in admin.php

CVE-2025-3546 HIGH

H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon

CVE-2025-3545 HIGH

H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon

CVE-2025-3544 HIGH

H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - Command Injection

CVE-2025-3543 HIGH

H3C Magic NX15-400 & R3010 <V100R014 - Command Injection

CVE-2025-3542 HIGH

H3C Magic NX15, Magic NX400, Magic R3010 V100R014 < V100R014 - Command Injection

CVE-2025-3541 HIGH

H3C Magic NX15-400 - Command Injection

Previous Page 123 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy