Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2022-37108 HIGH

Securonix Snypr 6.4 - Authenticated Remote Code Execution via Syslog-ng Configuration Wizard

CVE-2022-37242 CRITICAL

SecurityGateway for Email Servers 8.5.2 - HTTP Response Splitting via DATA Parameter

CVE-2022-37240 CRITICAL

SecurityGateway for Email Servers 8.5.2 - HTTP Response Splitting via Format Parameter

CVE-2022-34773 MEDIUM

tabit < 3.27.0 - HTTP Method Manipulation via Addresses Query Endpoint

CVE-2022-32453 MEDIUM

Cybozu Office 10.0.0-10.8.5 - HTTP Header Injection

CVE-2022-38357 HIGH

Eyes of Network Web - iFrame Injection via URL Parameter

CVE-2022-38191 MEDIUM

Esri Portal for ArcGIS <10.9.0 - Code Injection

CVE-2022-35954 MEDIUM

GitHub Actions ToolKit <v1.9.1 - Code Injection

CVE-2022-35948 MEDIUM

undici < 5.8.1 - CRLF Injection via Content-Type Header

CVE-2022-36323 CRITICAL

Affected Device - Command Injection

CVE-2022-31665 HIGH

VMware Identity Manager - Remote Code Execution

CVE-2022-31658 HIGH

VMware Workspace ONE Access and Identity Manager - Remote Code Execution

CVE-2022-35735 HIGH

BIG-IP <16.1.3.1, 15.1.x <15.1.6.1, 14.1.x <14.1.5.1, 13.1.x - Priv...

CVE-2022-31181 CRITICAL

PrestaShop <1.7.8.7 - SQL Injection

CVE-2022-31180 CRITICAL

shescape 1.4.0-1.5.7 - Command Injection via Interpolation Option

CVE-2022-31179 HIGH

shescape < 1.5.8 - Command Injection via Line Feed Character

CVE-2022-36302 HIGH

Bosch BF-OS 3.00-3.83 - Path Traversal

CVE-2022-22360 HIGH

IBM Sterling Partner Engagement Manager - LDAP Injection

CVE-2022-31593 HIGH

SAP Business One client <10.0 - Code Injection

CVE-2022-34466 MEDIUM

Mendix 9 >=V9.11<V9.15,Mendix 9 V9.12 <V9.12.3 - Info Disclosure

CVE-2022-34914 CRITICAL

Webswing < 20.1.16 - Argument Injection via X-Forwarded-For Header

CVE-2022-33011 HIGH

Known <1.3.1+2020120201 - Host Header Injection

CVE-2022-31126 CRITICAL

Roxy-wi < 6.1.1.0 - Unauthenticated Remote Code Execution via /app/options.py

CVE-2022-31014 MEDIUM

Nextcloud Server < 19.0.13.7, < 22.2.8 - SMTP Command Injection via CRLF Injection

CVE-2022-34903 MEDIUM

GnuPG < 2.3.6 - Signature Forgery via Status Line Injection

Previous Page 165 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy