Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2024-9324 MEDIUM

Intelbras InControl <2.21.57 - Code Injection

CVE-2024-47180 HIGH

Shields.io <server-2024-09-25 - RCE

CVE-2024-46997 CRITICAL

DataEase < 2.10.1 - Remote Code Execution via H2 Data Source Connection String

CVE-2024-46983 CRITICAL

sofa-hessian < 3.5.5 - Deserialization Gadget Chain Bypass via Blacklist Evasion

CVE-2024-25673 MEDIUM

Couchbase Server < 7.2.6 - HTTP Host Header Injection

CVE-2024-46986 CRITICAL

Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload

CVE-2024-45612 MEDIUM

Contao 4.13.0-4.13.48 - Insert Tag Injection via Canonical URL

CVE-2024-6702 MEDIUM

Pega Infinity 8.1-24.1.2 - HTML Injection in Stage

CVE-2024-42903 MEDIUM

LimeSurvey <6.6.1+240806 - Host Header Injection

CVE-2024-45312 MEDIUM

Overleaf <5.0.7 (or <4.2.7) - Path Traversal

CVE-2024-8367 LOW

HM Courts & Tribunals Service Probate Back Office <c1afe0cdb2b2766d...

CVE-2024-2881 MEDIUM

WolfSSL <5.6.6 - Privilege Escalation

CVE-2024-1545 MEDIUM

WolfSSL wolfssl5.6.6 - Privilege Escalation

CVE-2024-45302 MEDIUM

RestSharp 107.0.0-111.2.0 - CRLF Injection via AddHeader and AddDefaultHeader Methods

CVE-2024-42914 CRITICAL

ArrowCMS 1.0.0 - Host Header Injection

CVE-2024-43782 HIGH

openedx-translations - Cross-Site Scripting via Malformed Translation Strings

CVE-2024-42472 CRITICAL

Flatpak <1.14.0-1.15.10 - Info Disclosure

CVE-2024-31882 MEDIUM

IBM Db2 11.1-11.5 - Authenticated Denial of Service via Crafted SQL Statement

CVE-2024-42489 CRITICAL

XWiki Pro Macros < 1.10.1 - Remote Code Execution via Viewpdf Macro

CVE-2024-39227 CRITICAL

GL-iNet Firmware - Unauthenticated Remote Code Execution via /cgi-bin/glc Endpoint

CVE-2024-6331 HIGH

stitionai/devika >=2024-05-02 - Local File Read via Prompt Injection

CVE-2024-41127 HIGH

monkeytype < 24.30.0 - Poisoned Pipeline Execution via GitHub Workflow Artifact Injection

CVE-2024-39320 MEDIUM

Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass

CVE-2024-7221 MEDIUM

School Log Management System 1.0 - SQL Injection via ID Parameter in manage_user.php

CVE-2024-7220 MEDIUM

School Log Management System 1.0 - SQL Injection via tbl Parameter in print_barcode.php

Previous Page 152 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy