Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,812 vulnerabilities with CWE-74

CVE-2023-43364 CRITICAL

searchor < 2.4.2 - Remote Code Execution via CLI Input

CVE-2023-46456 CRITICAL

GL.iNET GL-AR300M <3.216 - Command Injection

CVE-2023-49964 HIGH

Hyland Alfresco Content Services < 7.2.0 - Server-Side Template Injection via folder.get.html.ftl

CVE-2023-6648 HIGH

PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection

CVE-2023-48841 HIGH

Appointment Scheduler 3.0 - Code Injection

CVE-2023-48835 HIGH

Car Rental Script v3.0 - Code Injection

CVE-2023-48830 HIGH

Shuttle Booking Software 2.0 - Code Injection

CVE-2023-48826 HIGH

Time Slots Booking Calendar 4.0 - Code Injection

CVE-2023-48205 MEDIUM

Jorani Leave Management System 1.0.2 - Host Header Spoofing via Password Reset Email

CVE-2023-6458 HIGH

Mattermost < 7.8.14, 8.1.5, 9.1.2 - Client-Side Path Traversal via Route Parameters

CVE-2023-22522 HIGH

Atlassian Confluence Data Center and Server 4.0-7.19.16 - Authenticated Template Injection and Remote Code Execution

CVE-2023-35075 LOW

Mattermost < 7.8.12, 8.0.0-8.1.3, 7.8.12-7.8.12 - HTML Injection via Channel Name Autocomplete

CVE-2023-49214 CRITICAL

Usedesk < 1.7.57 - Chat Template Injection

CVE-2023-6164 LOW

MainWP Dashboard - WordPress Manager <4.5.1.2 - XSS

CVE-2023-5340 CRITICAL

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection via AJAX Action

CVE-2023-6174 MEDIUM

Wireshark 4.0.0-4.0.10 - Denial of Service via SSH Dissector Packet Injection

CVE-2023-48199 HIGH

Grocy <= 4.0.3 - HTML Injection in manageApiKeys Component

CVE-2023-44373 CRITICAL

Siemens 6GK5205 and 6GK5208 and 6GK5213 Firmware < 4.5 - Authenticated Remote Code Execution via Input Field Injection

CVE-2023-47119 MEDIUM

Discourse < 3.1.3 and < 3.2.0.beta3 - HTML Injection via Onebox Engine

CVE-2023-4767 MEDIUM

ManageEngine Desktop Central <9.1.0 - CRLF Injection

CVE-2023-4197 HIGH

Dolibarr ERP CRM <= 18.0.1 - Remote Code Execution via Website Input

CVE-2023-4393 MEDIUM

LiquidFiles <3.7.13 - Command Injection

CVE-2023-46468 HIGH

Juzaweb CMS <=3.4 - Code Execution via Custom Plugin File Upload

CVE-2023-5043 HIGH

ingress-nginx < 1.9.0 - OS Command Injection via Annotation

CVE-2023-32786 HIGH

Langchain < 0.0.155 - Server-Side Request Forgery via Prompt Injection

Previous Page 157 of 193 Next

Details

Vulnerabilities 4,812

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy