Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2022-46169 CRITICAL KEV

Cacti 1.2.22 unauthenticated command injection

CVE-2022-35507 HIGH

Proxmox Virtual Environment and Proxmox Mail Gateway - Response Header Injection via CRLF

CVE-2022-46162 HIGH

Discourse BBCode <91478f5 - Code Injection

CVE-2022-4188 MEDIUM

Google Chrome < 108.0.5359.71 - Same Origin Policy Bypass via CORS Input Validation

CVE-2022-41934 CRITICAL

XWiki Platform < 13.10.8 - Authenticated Remote Code Execution via Menu Macro Injection

CVE-2022-33012 HIGH

Microweber v1.2.15 - Host Header Injection

CVE-2022-4064 LOW

dalli < 3.2.3 - Injection via Meta Protocol Handler cas/ttl Argument

CVE-2022-41878 HIGH

Parse Server <5.3.2, <4.10.19 - Auth Bypass

CVE-2022-43562 LOW

Splunk Enterprise <8.1.12-9.0.2 - XSS

CVE-2022-20772 MEDIUM

Cisco ESA/Secure Email and Web Manager - HTTP Response Splitting

CVE-2022-39382 CRITICAL

Keystone 3.0.0-3.0.1 - Environment Variable Injection via NODE_ENV Inlining

CVE-2022-31777 MEDIUM

Apache Spark < 3.2.2 - Stored Cross-Site Scripting via Log Rendering

CVE-2022-39016 HIGH

M-Files Hubshare < 3.3.10.9 - Authenticated Account Takeover via PDF JavaScript Injection

CVE-2022-42468 CRITICAL

Apache Flume 1.4.0-1.10.1 - Remote Code Execution via JMS Source ProviderURL

CVE-2022-3607 MEDIUM

octoprint/octoprint <1.8.3 - Special Element Injection

CVE-2022-2992 CRITICAL

GitLab GitHub Repo Import Deserialization RCE

CVE-2022-40257 MEDIUM

CERT/CC VINCE < 1.50.4 - Authenticated HTML Injection via Email Subject Field

CVE-2022-40248 MEDIUM

CERT/CC VINCE < 1.50.4 - Authenticated HTML Injection via Product Affected Field

CVE-2022-39265 HIGH

MyBB < 1.8.31 - Authenticated Remote Code Execution via Mail Settings Parameter Injection

CVE-2022-3215 HIGH

SwiftNIO < 2.29.1 and 2.41.0-2.42.0 - HTTP Response Injection via CRLF in HTTP Headers

CVE-2022-35914 CRITICAL KEV

GLPI htmLawed php command injection

CVE-2022-39217 MEDIUM

ghas-to-csv < 1 - CSV Injection via Unsanitized API Output

CVE-2022-38796 MEDIUM

Feehi CMS 2.1.1 - Host Header Injection via Password Reset Email

CVE-2022-34165 MEDIUM

IBM WebSphere Application Server <22.0.0.9 - HTTP Header Injection

CVE-2022-36084 CRITICAL

cruddl <2.7.0-3.0.2 - Code Injection

Previous Page 164 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy