Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2021-44530 CRITICAL

UniFi Network Controller < 6.5.53 - Remote Code Execution via Log4j JNDI Injection

CVE-2021-32650 HIGH

October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Theme Import Feature

CVE-2021-32649 HIGH

October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Twig Template Injection

CVE-2021-42561 HIGH

MITRE Caldera < 2.8.1 - OS Command Injection via Human Plugin Name Parameter

CVE-2021-29454 HIGH

Smarty < 3.1.42 - Remote Code Execution via Malicious Math String

CVE-2021-24948 HIGH

Plus Addons for Elementor <5.0.7 - Info Disclosure

CVE-2021-43852 HIGH

OroPlatform <4.2.7 - Code Injection

CVE-2021-25994 HIGH

Userfrosting 0.3.1-4.6.2 - Unauthenticated Host Header Injection via Forgot Password Functionality

CVE-2021-45818 MEDIUM

SAFARI Montage 8.7.32 - Code Injection

CVE-2021-44832 MEDIUM

Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source

CVE-2021-45661 HIGH

NETGEAR RBK/RBR/RBS Firmware - Server-Side Injection

CVE-2021-45660 HIGH

NETGEAR RBK/RBR/RBS Firmware - Server-Side Injection

CVE-2021-45659 HIGH

NETGEAR RBK/RBR/RBS Firmware - Server-Side Injection

CVE-2021-45658 HIGH

NETGEAR devices - Server-Side Injection

CVE-2021-45657 HIGH

NETGEAR devices - Server-Side Injection

CVE-2021-45656 HIGH

NETGEAR devices - Server-Side Injection

CVE-2021-45655 MEDIUM

NETGEAR R6400 Firmware < 1.0.1.70 - Server-Side Injection

CVE-2021-43437 HIGH

Engineers Online Portal - Host Header Injection

CVE-2021-32499 HIGH

SICK SOPAS ET < 4.8.0 - OS Command Injection via Emulator Executable Arguments

CVE-2021-43837 HIGH

vault-cli 0.7.0-3.0.0 - Remote Code Execution via Jinja2 Template Injection

CVE-2021-37262 HIGH

jfinal_cms 5.1.0 - Denial of Service via Regex Injection

CVE-2021-43782 MEDIUM

Tuleap < 13.2.99.83 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

CVE-2021-41276 MEDIUM

Tuleap < 13.2.99.31 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

CVE-2021-43818 HIGH

lxml < 4.6.5 - Cross-Site Scripting via HTML Cleaner Bypass

CVE-2021-43038 HIGH

Kaseya Unitrends Backup <10.5.5 - Privilege Escalation

Previous Page 168 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy