Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2024-5184 MEDIUM

EmailGPT - Prompt Injection via API Service

CVE-2024-34448 HIGH

Ghost < 5.82.0 - CSV Injection via Member Export

CVE-2024-5193 MEDIUM

Ritlabs TinyWeb Server <1.99 - CRLF Injection

CVE-2024-34919 CRITICAL

Pisay Online E-Learning System <1.0 - Code Injection

CVE-2024-34697 HIGH

FreeScout < 1.8.139 - Unauthenticated Stored HTML Injection in Email Receival Module

CVE-2024-34062 MEDIUM

tqdm 4.4.0-4.66.2 - Remote Code Execution via CLI Argument Eval

CVE-2024-32986 CRITICAL

PWAsForFirefox < 2.12.0 - Arbitrary Code Execution via XDG Desktop Entry Injection

CVE-2024-3767 MEDIUM

PHPGurukul News Portal 4.1 - SQL Injection via Post Title or Category Parameter

CVE-2024-28234 MEDIUM

Contao 2.0.0-4.13.39 and 5.0.0-5.3.3 - CSS Injection via BBCode in Comments

CVE-2024-28191 LOW

Contao 4.0.0-4.13.39 - Insert Tag Injection via Form Generator

CVE-2024-3366 LOW

Xuxueli xxl-job <2.4.1 - Code Injection

CVE-2024-28867 MEDIUM

Swift Prometheus 2.0.0-alpha.1 - Injection via Unsanitized Metric Labels

CVE-2024-29896 HIGH

astro-shield 1.2.0-1.2.9 - Cross-Site Scripting via CSP Header Generation

CVE-2024-2777 MEDIUM

Online Marriage Registration System 1.0 - SQL Injection via fromdate Parameter

CVE-2024-2769 MEDIUM

Campcodes Beauty Parlor Management System 1.0 - SQLi via admin-profile.php

CVE-2024-29027 CRITICAL

Parse Server < 6.5.5 - Remote Code Execution via Cloud Function or Job Name Injection

CVE-2024-23333 HIGH

LDAP Account Manager < 8.7 - Authenticated Remote Code Execution via Log File Path Manipulation

CVE-2024-2445 MEDIUM

Mattermost Server 8.1.0-8.1.9, 9.2.0-9.2.5, 9.3.0-9.3.1, 9.4.0-9.4.2 - Reflected Cross-Site Scripting in Jira Plugin

CVE-2024-28181 HIGH

turboboost_commands < 0.1.3 - Improper Method Invocation Restriction

CVE-2024-28192 MEDIUM

your_spotify < 1.8.0 - Unauthenticated NoSQL Injection in Public Access Token Processing

CVE-2024-28114 HIGH

Peering Manager <=1.8.2 - Server-Side Template Injection

CVE-2024-0044 MEDIUM

PackageInstallerService - Privilege Escalation

CVE-2024-21900 MEDIUM

QNAP QTS < 5.1.3.2578 and QuTS hero < h5.1.3.2578 - Authenticated Command Injection

CVE-2024-23280 MEDIUM

Safari < 17.4 - User Fingerprinting via Malicious Webpage

CVE-2024-23274 HIGH

macOS <14.4-13.6.5 - Privilege Escalation

Previous Page 154 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy