Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2024-23268 HIGH

macOS <14.4-13.6.5 - Privilege Escalation

CVE-2024-1773 HIGH

PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated PHP Object Injection via order_id Parameter

CVE-2024-21838 MEDIUM

Gallagher Command Centre < 8.60 - HTML Injection in Email Generation Feature

CVE-2024-2064 MEDIUM

rahman SelectCours 1.0 - Server-Side Template Injection in CacheController

CVE-2024-1619 MEDIUM

Kaspersky Security 8.0-8.0.3.30 - Cross-Site Request Forgery via Malicious Link

CVE-2024-1128 MEDIUM

Tutor LMS - WordPress <2.6.0 - Code Injection

CVE-2024-21742 MEDIUM

Apache James MIME4J < 0.8.9 and apache-mime4j-core < 0.8.10 - Header Injection via MIME4J DOM

CVE-2024-1833 HIGH

SourceCodester Employee Management System 1.0 - SQL Injection via txtusername/txtphone Parameter

CVE-2024-23830 HIGH

MantisBT < 2.26.1 - Unauthenticated Account Hijacking via Password Reset Link Poisoning

CVE-2024-25625 HIGH

Pimcore <1.3.4 - Host Header Injection

CVE-2024-22319 HIGH

IBM Operational Decision Manager - JNDI Injection

CVE-2024-23828 HIGH

nginxui/nginx_ui < 2.0.0 - Authenticated Remote Code Execution via CRLF Injection in test_config_cmd or start_cmd

CVE-2024-23648 HIGH

Pimcore Admin Classic Bundle < 1.2.3 - Account Takeover via Host Header Injection in Password Reset

CVE-2024-0579 MEDIUM

Totolink X2000R 1.0.0-B20221212.1452 - Command Injection

CVE-2024-0552 CRITICAL

Intumit SmartRobot Firmware < 6.0.0-202012tw - Unauthenticated Remote Code Execution

CVE-2024-21645 MEDIUM

pyload < 0.5.0b3.dev77 - Unauthenticated Log Injection

CVE-2024-21623 CRITICAL

mehah/otclient < 2023-12-30 - Remote Code Execution via GitHub Actions Workflow Injection

CVE-2023-7333 MEDIUM

records-mover < 1.6.0 - SQL Injection in Table Object Handler

CVE-2023-7331 MEDIUM

PKrystian Full-Stack-Bank <bf73a0179e3ff07c0d7dc35297cea0be0e5b1317...

CVE-2023-7299 MEDIUM

DataGear < 4.7.0 - SQL Injection via /dataSet/resolveSql sql Parameter

CVE-2023-23738 MEDIUM

Brainstorm Force Spectra <= 2.3.0 - Unauthenticated Email Spoofing

CVE-2023-46304 HIGH

vtiger CRM 7.5.0 - Authenticated Remote Code Execution via Config File Write

CVE-2023-48709 HIGH

iTop - CSV Formula Injection in Data Export

CVE-2023-51653 CRITICAL

Hertzbeat <1.4.1 - Command Injection

CVE-2023-51388 CRITICAL

Hertzbeat < 1.4.1 - AviatorScript Injection via Unrestricted AviatorEvaluator

Previous Page 155 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy