Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,818 vulnerabilities with CWE-74

CVE-2021-41392 CRITICAL

Boostnote < 0.22.0 - Injection

CVE-2021-41390 HIGH

Ericsson Enterprise Content Management < 18.0 - CSV Injection via Security Provider Endpoint

CVE-2021-41314 HIGH

NETGEAR Smart Switches - Unauthenticated Admin Session Crafting via Web UI Password Field Injection

CVE-2021-39213 MEDIUM

GLPI 9.1-9.5.5 - API Bypass via Custom Header Injection

CVE-2021-30777 HIGH

macOS 10.14-10.14.4 and 11.0-11.4 - Privilege Escalation via Injection

CVE-2021-40143 HIGH

Sonatype Nexus Repository Manager 3 3.0.0-3.33.1-01 - HTTP Header Injection

CVE-2021-39187 HIGH

parse-server < 4.10.3 - Denial of Service via Invalid Explain Query Option

CVE-2021-39175 HIGH

HedgeDoc < 1.9.0 - Unauthenticated Cross-Site Scripting via Slide Mode Speaker Notes

CVE-2021-32827 MEDIUM

MockServer - Code Execution via Overbroad CORS and Script Injection

CVE-2021-20509 CRITICAL

IBM Maximo Asset Mgmt <7.6.1 - Code Injection

CVE-2021-38371 HIGH

Exim < 4.94.2 - Response Injection via STARTTLS Feature

CVE-2021-38290 HIGH

FUEL CMS < 1.5.0 - Host Header Injection

CVE-2021-37541 MEDIUM

JetBrains Hub < 2021.1.13402 - HTML Injection in Password Reset Email

CVE-2021-38084 HIGH

Courier Mail Server <1.1.5 - Info Disclosure

CVE-2021-21580 MEDIUM

Dell EMC iDRAC8 < 2.80.80.80 and iDRAC9 < 5.00.00.00 - Content Spoofing via URL Injection

CVE-2021-35450 HIGH

Entando Admin Console <6.3.9 - SSRF

CVE-2021-33195 HIGH

Go <1.15.13-1.16.5 - Info Disclosure

CVE-2021-32558 HIGH

Asterisk DoS via IAX2 Unsupported Media Format Packet

CVE-2021-3169 CRITICAL

Jumpserver < 2.4.5 - Unauthenticated Connection Token Generation and Asset Access

CVE-2021-32756 HIGH

ManageIQ <jansa-4,kasparov-2,lasker-1 - RCE

CVE-2021-0594 HIGH

Android - Remote Privilege Escalation via Bluetooth ConfirmConnectActivity Input Validation Bypass

CVE-2021-36381 MEDIUM

Edifecs Transaction Management - XSS

CVE-2021-22232 LOW

GitLab 9.5.0-13.11.5 - HTML Injection via Full Name Field

CVE-2021-20101 MEDIUM

Machform < 16 - HTTP Host Header Injection

CVE-2021-23400 MEDIUM

nodemailer < 6.6.1 - HTTP Header Injection via Address Object

Previous Page 170 of 193 Next

Details

Vulnerabilities 4,818

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy