Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-0199 MEDIUM

Point of Sales and Inventory Management System 1.0 - SQL Injection via /user/minus_cart.php id Parameter

CVE-2025-0198 MEDIUM

code-projects Point of Sales - SQL Injection

CVE-2025-0197 MEDIUM

Point of Sales and Inventory Management System 1.0 - SQL Injection via Search Name Parameter

CVE-2025-0196 MEDIUM

code-projects Point of Sales - SQL Injection

CVE-2025-0195 MEDIUM

Point of Sales and Inventory Management System 1.0 - SQL Injection via /user/del_product.php id Parameter

CVE-2025-0176 MEDIUM

Point of Sales and Inventory Management System 1.0 - SQL Injection via id/qty Parameter

CVE-2025-0174 MEDIUM

code-projects Point of Sales - SQL Injection

CVE-2025-0173 MEDIUM

SourceCodester Online Eyewear Shop 1.0 - SQL Injection

CVE-2025-0172 MEDIUM

code-projects Chat System 1.0 - SQL Injection

CVE-2025-0171 MEDIUM

code-projects Chat System 1.0 - SQL Injection

CVE-2025-0168 MEDIUM

code-projects Job Recruitment 1.0 - SQL Injection

CVE-2024-27708 CRITICAL

MyNET < 26.06 - Remote Code Execution via Iframe Injection

CVE-2024-56840 HIGH

RUGGEDCOM ROX -<V2.17.0 - Path Traversal

CVE-2024-56839 HIGH

RUGGEDCOM ROX -<V2.17.0 - Path Traversal

CVE-2024-56838 HIGH

RUGGEDCOM ROX -<V2.17.0 - Path Traversal

CVE-2024-56835 HIGH

RUGGEDCOM ROX -<V2.17.0 - Path Traversal

CVE-2024-46452 MEDIUM

VigyBag Open Source Online Shop <commit 3f0e21b - SSRF

CVE-2024-11956 MEDIUM

Pimcore < 4.2.1 - SQL Injection via Customer List Filter Parameter

CVE-2024-11954 LOW

pimcore 11.4.2 - Cross-Site Scripting in Search Document

CVE-2024-53263 HIGH

git-lfs < 3.6.1 - Credential Leak via URL-Encoded Control Characters

CVE-2024-39785 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via adddir_name Parameter

CVE-2024-39784 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via disk_part POST Parameter

CVE-2024-39604 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Remote Code Execution via update_filter_url.sh

CVE-2024-36295 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Command Injection

CVE-2024-34544 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Command Injection

Previous Page 142 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy