Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2023-26261 CRITICAL

UBIKA WAAP Gateway/Cloud <6.10 - Auth Bypass

CVE-2023-27479 CRITICAL

XWiki 6.3-13.10.10 - Authenticated Remote Code Execution via UIX Parameter Injection

CVE-2023-27635 HIGH

debmany - OS Command Injection via Crafted .deb File

CVE-2023-1061 MEDIUM

Doctors Appointment System 1.0 - SQL Injection via Email Parameter in Edit Doctor Endpoint

CVE-2023-1059 MEDIUM

Doctors Appointment System 1.0 - SQL Injection via search/id Parameter

CVE-2023-20858 HIGH

VMware Carbon Black App Control 8.7.0-8.7.7, 8.8.0-8.8.5, 8.9.0-8.9.3 - Authenticated OS Command Injection

CVE-2023-25613 CRITICAL

Apache Kerby LDAP Backend < 2.0.3 - LDAP Injection

CVE-2023-23936 MEDIUM

Undici <5.19.1 - CRLF Injection

CVE-2023-25141 HIGH

Apache Sling JCR Base < 3.1.12 - Remote Code Execution via JDNI and RMI in RepositoryAccessor

CVE-2023-25719 HIGH

ConnectWise Control < 22.9.10032 - Code Injection via Unvalidated h Parameter

CVE-2023-0493 MEDIUM

BTCPay Server < 1.7.5 - HTML Injection

CVE-2023-0476 MEDIUM

Tenable.sc < 5.23.1 - Authenticated LDAP Injection

CVE-2023-24040 HIGH

Common Desktop Environment 1.6 - Info Disclosure

CVE-2023-20057 NONE

Cisco AsyncOS Software - Auth Bypass

CVE-2023-0040 HIGH

Async HTTP Client <1.13.2 - CRLF Injection

CVE-2023-23749 HIGH

LDAP Integration with Active Directory and OpenLDAP - LDAP Injection via Username Parameter

CVE-2023-0302 HIGH

radare2 < 5.8.2 - Command Injection via Unsanitized Special Elements

CVE-2022-31631 CRITICAL

PHP <8.0.27, <8.1.15, <8.2.2 - SQL Injection

CVE-2022-46337 CRITICAL

Apache Derby 10.1.1.0-10.14.3.0 - LDAP Authentication Bypass via Username Injection

CVE-2022-47583 CRITICAL

mintty < 3.6.3 - Remote Code Execution via Terminal Character Injection

CVE-2022-4145 MEDIUM

OpenShift Container Platform - Unauthenticated Content Spoofing in OAuth Endpoint

CVE-2022-3962 MEDIUM

Kiali < 1.57.4 - Content Spoofing via Error Page Text Injection

CVE-2022-24989 CRITICAL

TerraMaster TOS < 4.2.31 - Unauthenticated Remote Code Execution via api.php Raid Creation

CVE-2022-47028 MEDIUM

Action Launcher for Android <50.5 - DoS

CVE-2022-45048 HIGH

Apache Ranger 2.3.0 - Authenticated Remote Code Execution via Policy Expression Injection

Previous Page 162 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy