Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,812 vulnerabilities with CWE-74

CVE-2023-39661 CRITICAL

pandasai < 0.9.1 - Remote Code Execution via _is_jailbreak Function

CVE-2023-39659 CRITICAL

langchain < 0.0.232 - Remote Code Execution via PythonAstREPLTool._run

CVE-2023-38896 CRITICAL

Harrison Chase langchain <0.0.194 - RCE

CVE-2023-31209 HIGH

Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 - Authenticated OS Command Injection via Active Check Command Arguments

CVE-2023-33242 CRITICAL

lindell17 - Private Key Extraction via Abort Handling in Lindell17 TSS Protocol

CVE-2023-33241 CRITICAL

Crypto wallets - Info Disclosure

CVE-2023-39213 CRITICAL

Zoom Desktop Client <5.15.2 - Privilege Escalation

CVE-2023-4157 MEDIUM

Omeka S < 4.0.3 - Injection

CVE-2023-36210 CRITICAL

MotoCMS 3.4.3 - Server-Side Template Injection via Keyword Parameter

CVE-2023-38609 HIGH

macOS Ventura <13.5 - Privilege Escalation

CVE-2023-38060 MEDIUM

OTRS 6.0.1-6.0.34 and 7.0.0-7.0.44 - Authenticated Host Header Injection via Ticket Attachment ContentType Parameter

CVE-2023-37897 HIGH

Grav < 1.7.42.2 - Authenticated Server-Side Template Injection via Double Backslash Bypass

CVE-2023-3694 MEDIUM

SourceCodester House Rental and Property Listing 1.0 - SQL Injection via Index.php Keywords/Location Parameter

CVE-2023-37473 HIGH

zenstruck/collection < 0.2.1 - Remote Code Execution via Callable String Injection

CVE-2023-37462 CRITICAL

XWiki 7.0-14.4.8 - Remote Code Execution via SkinsCode.XWikiSkinsSheet Injection

CVE-2023-36830 MEDIUM

sqlfluff < 2.1.2 - Remote Code Execution via library_path Config Injection

CVE-2023-36188 CRITICAL

langchain 0.0.64 - Remote Code Execution via PALChain Parameter

CVE-2023-26138 MEDIUM

drogonframework/drogon - CRLF Injection

CVE-2023-36812 CRITICAL

OpenTSDB <2.4.2 - Remote Code Execution via Gnuplot Configuration Injection

CVE-2023-37360 MEDIUM

pacparser < 1.4.2 - JavaScript Injection via pacparser_find_proxy

CVE-2023-36470 CRITICAL

XWiki 6.2-14.10.5 - Remote Code Execution via Icon Set Injection

CVE-2023-36469 CRITICAL

XWiki 9.6-14.10.5 - Authenticated Remote Code Execution via User Profile Script Macros

CVE-2023-36471 CRITICAL

XWiki Commons 14.6-14.10.5 - Remote Code Execution via HTML Sanitizer Bypass

CVE-2023-34203 HIGH

Progress OpenEdge < 11.7.16, 12.x < 12.2.12, 12.3.x-12.6.x < 12.7 - Authenticated URL Injection in OEM and OEE

CVE-2023-3380 MEDIUM

WAVLINK WN579X3 - Remote Command Execution

Previous Page 159 of 193 Next

Details

Vulnerabilities 4,812

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy