Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2022-45801 MEDIUM

Apache StreamPark 1.0.0-2.0.0 - LDAP Injection

CVE-2022-23721 LOW

PingID Integration for Windows Login < 2.9 - Username Collision Vulnerability

CVE-2022-43769 HIGH KEV

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

CVE-2022-42797 HIGH

Xcode < 14.1 - Privilege Escalation via Injection

CVE-2022-36775 MEDIUM

IBM Security Verify Access 10.0.0.0-10.0.4.0 - HTTP Header Injection via HOST Header

CVE-2022-42472 MEDIUM

FortiOS/FortiProxy HTTP Request Splitting (Auth Required)

CVE-2022-43756 MEDIUM

SUSE Rancher <0.7.3, <0.8.4, <1.0.0 - DoS

CVE-2022-47052 MEDIUM

Nighthawk R6220 AC1200 - CRLF Injection

CVE-2022-3918 HIGH

swift_foundation < 5.7.3 - CRLF Injection in URLRequest Headers

CVE-2022-43720 MEDIUM

Apache Superset < 1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting via Toast Message

CVE-2022-42268 HIGH

Omniverse Kit Create, Audio2Face, Isaac Sim, View, Code, Machinima - Remote Code Execution via USD File Python Code

CVE-2022-37933 HIGH

HPE Superdome Flex and Superdome Flex 280 Firmware - Local Unauthorized Data Injection

CVE-2022-46180 MEDIUM

Discourse Mermaid <1.0.0 - Code Injection

CVE-2022-42471 MEDIUM

FortiWeb 6.3.6-6.3.20, 6.4.0-6.4.2, 7.0.0-7.0.2 - Authenticated HTTP Response Splitting

CVE-2022-4864 MEDIUM

froxlor/froxlor <2.0.0-beta1 - Command Injection

CVE-2022-4768 MEDIUM

Dropbox merou < 2022-03-28 - Injection in SSH Public Key Handler

CVE-2022-46873 HIGH

Firefox < 108.0 - Cross-Site Scripting via CSP unsafe-hashes Directive Bypass

CVE-2022-40958 MEDIUM

Firefox ESR < 102.3, Thunderbird < 102.3, Firefox < 105 - SSRF

CVE-2022-40145 CRITICAL

Apache Karaf < 4.3.8 - Remote Code Execution via JNDI LDAP Data Source URI

CVE-2022-42544 HIGH

Android - Local Privilege Escalation via Network Add Request Input Validation

CVE-2022-46265 MEDIUM

Polarion ALM <V2304.0 - Host Header Injection

CVE-2022-4170 CRITICAL

rxvt-unicode - Remote Code Execution in Perl Background Extension

CVE-2022-4364 HIGH

Teledyne FLIR AX8 <1.46.16 - Command Injection

CVE-2022-45910 MEDIUM

Apache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors

CVE-2022-3643 MEDIUM

Linux Kernel 3.19-4.9.335 - Denial of Service via Malicious Network Packet Headers

Previous Page 163 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy