CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,812 vulnerabilities with CWE-74
CVE-2023-45540 MEDIUM
Jorani Leave Management System 1.0.3 - Stored Cross-Site Scripting via Leave Request Comment Field
CVSS 6.5
CVE-2023-43667 HIGH
Apache InLong <1.9.0 - Info Disclosure
CVSS 7.5
CVE-2023-43661 HIGH
Cachet < 2.4 - Remote Code Execution via Template Injection
CVSS 8.8
CVE-2023-44109 HIGH
Huawei EMUI and HarmonyOS - Clone Vulnerability in HUKS TA Module
CVSS 7.5
CVE-2023-45303 HIGH
ThingsBoard < 3.5 - Server-Side Template Injection via Email Template Modification
CVSS 8.4
CVE-2023-3665 MEDIUM
Trellix Endpoint Security < 10.7.0 - Local Code Injection via Environment Variable Manipulation
CVSS 5.5
CVE-2023-43835 HIGH
Super Store Finder <3.7 - Command Injection
CVSS 8.8
CVE-2023-41580 HIGH
phpipam < 1.5.2 - LDAP Injection via dname Parameter
CVSS 7.5
CVE-2023-44270 MEDIUM
PostCSS < 8.4.31 - CSS Injection via Comment Parsing Bypass
CVSS 5.3
CVE-2023-43655 MEDIUM
Composer < 1.10.27 - Remote Code Execution via PHP register_argc_argv
CVSS 6.4
CVE-2023-5269 MEDIUM
Best Courier Management System 1.0 - SQL Injection via Parcel List GET Parameter
CVSS 5.5
CVE-2023-26148 MEDIUM
ithewei libhv - CRLF Injection via Request Header Manipulation
CVSS 5.4
CVE-2023-43656 MEDIUM
matrix-hookshot < 4.5.0 - Remote Code Execution via Transformation Function Sandbox Escape
CVSS 5.6
CVE-2023-41834 MEDIUM
Apache Flink Stateful Functions 3.1.0-3.2.0 - HTTP Response Splitting via CRLF Injection
CVSS 6.1
CVE-2023-36250 HIGH
GNOME time tracker <3.0.2 - Code Injection
CVSS 7.8
CVE-2023-26142 MEDIUM
Crow - HTTP Response Splitting via Header CRLF Injection
CVSS 6.5
CVE-2023-4843 MEDIUM
Pega Platform 7.1.0-8.8.3 - Authenticated HTML Injection in Visual Business Director Name Field
CVSS 4.3
CVE-2023-39424 CRITICAL
ResortData IRM Next Gen - Authenticated Arbitrary File Upload & RCE via RDPngFileUpload.dll
CVSS 9.9
CVE-2023-1523 CRITICAL
Canonical snapd <= 2.59.5 - TIOCLINUX Terminal Command Injection
CVSS 10.0
CVE-2023-41039 HIGH
RestrictedPython < 5.4 - Information Disclosure via Format String Injection
CVSS 8.3
CVE-2023-4478 MEDIUM
Mattermost < 7.8.9 - Unauthenticated User Registration Blocking via Signup Parameter Manipulation
CVSS 4.3
CVE-2023-40035 HIGH
Craft CMS 3.0.0-3.8.14 and 4.0.0-RC1-4.4.14 - Authenticated Remote Code Execution via Path Validation Bypass
CVSS 7.2
CVE-2023-4212 MEDIUM
Trane Thermostat - Command Injection
CVSS 6.8
CVE-2023-4450 MEDIUM
jeecg/jimureport < 1.6.1 - Server-Side Template Injection in Template Handler
CVSS 6.3
CVE-2023-39662 CRITICAL
llamaindex < 0.7.13 - Remote Code Execution via PandasQueryEngine exec Parameter
CVSS 9.8