Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2021-38873 HIGH

IBM Planning Analytics 2.0 - Code Injection

CVE-2021-36313 CRITICAL

Dell EMC CloudLink <7.1 - Command Injection

CVE-2021-37033 HIGH

Huawei EMUI and Magic UI - Injection

CVE-2021-36322 MEDIUM

Dell Networking X-Series <3.0.1.8 - Host Header Injection

CVE-2021-34419 LOW

Zoom Client for Meetings < 5.1.0 - HTML Injection via Remote Control Request

CVE-2021-43350 CRITICAL

Apache Traffic Control - Info Disclosure

CVE-2021-25980 HIGH

Talkyard 0.04.01-0.6.74-WIP-63220cb - Host Header Injection via Forgot Password Functionality

CVE-2021-43185 CRITICAL

JetBrains YouTrack <2021.3.23639 - SSRF

CVE-2021-41170 CRITICAL

neoan3-apps/template <1.1.1 - Code Injection

CVE-2021-36697 MEDIUM

Artica Pandora FMS <=755 - Authenticated Remote Code Execution via .htaccess Overwrite

CVE-2021-41232 HIGH

Thunderdome <1.16.3 - Command Injection

CVE-2021-38294 CRITICAL

Apache Storm <2.2.1, <1.2.4 - Command Injection

CVE-2021-41163 CRITICAL

Discourse - Remote Code Execution via Unvalidated subscribe_url

CVE-2021-21743 MEDIUM

ZTE MF971R Firmware - CRLF Injection via HTTP Request

CVE-2021-37933 HIGH

Huntflow Enterprise < 3.10.6 - Unauthenticated LDAP Injection via Email Parameter

CVE-2021-22035 MEDIUM

VMware vRealize Log Insight 8.0.0-8.5.0 - Authenticated CSV Injection via Interactive Analytics Export

CVE-2021-20802 MEDIUM

Cybozu Remote Service <3.1.9 - Info Disclosure

CVE-2021-38458 CRITICAL

Moxa MXview <3.2.2 - Path Traversal

CVE-2021-41128 CRITICAL

Hygeia 1.11.0-1.30.3 - CSV Injection in Statistics and BAG MED Exports

CVE-2021-31988 HIGH

AXIS OS Multiple Versions - SMTP Header Injection via CRLF

CVE-2021-35505 HIGH

Afian FileRun < 2021.03.26 - Authenticated Remote Code Execution via Check Path Magick Binary

CVE-2021-35504 HIGH

Afian FileRun < 2021.03.26 - Authenticated Remote Code Execution via FFmpeg Binary Path

CVE-2021-41862 CRITICAL

AviatorScript <= 5.2.7 - Remote Code Execution via BCEL-Encoded Expression

CVE-2021-41084 HIGH

http4s < 0.21.29 - HTTP Response Splitting via Header and URI Field Injection

CVE-2021-29795 MEDIUM

IBM PowerVM Hypervisor FW860, FW930, FW940, FW950 - Denial of Service via Hypervisor Call Sequence

Previous Page 169 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy