Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,829 vulnerabilities with CWE-74

CVE-2021-21580 MEDIUM

Dell EMC iDRAC8 < 2.80.80.80 and iDRAC9 < 5.00.00.00 - Content Spoofing via URL Injection

CVE-2021-35450 HIGH

Entando Admin Console <6.3.9 - SSRF

CVE-2021-33195 HIGH

Go <1.15.13-1.16.5 - Info Disclosure

CVE-2021-32558 HIGH

Asterisk DoS via IAX2 Unsupported Media Format Packet

CVE-2021-3169 CRITICAL

Jumpserver < 2.4.5 - Unauthenticated Connection Token Generation and Asset Access

CVE-2021-32756 HIGH

ManageIQ <jansa-4,kasparov-2,lasker-1 - RCE

CVE-2021-0594 HIGH

Android - Remote Privilege Escalation via Bluetooth ConfirmConnectActivity Input Validation Bypass

CVE-2021-36381 MEDIUM

Edifecs Transaction Management - XSS

CVE-2021-22232 LOW

GitLab 9.5.0-13.11.5 - HTML Injection via Full Name Field

CVE-2021-20101 MEDIUM

Machform < 16 - HTTP Host Header Injection

CVE-2021-23400 MEDIUM

nodemailer < 6.6.1 - HTTP Header Injection via Address Object

CVE-2021-20574 HIGH

IBM Security Identity Manager Adapters <7.0 - Command Injection

CVE-2021-29676 MEDIUM

IBM Security Verify < 10.9.66 - Link Injection via Crafted URL

CVE-2021-29955 MEDIUM

Firefox < 87.0 and Firefox ESR < 78.9 - Memory Address Leak via Floating Point Value Injection

CVE-2021-24002 HIGH

Firefox < 88.0 and Firefox ESR < 78.10 - Command Injection via FTP URL Newline Encoding

CVE-2021-29085 HIGH

Synology DiskStation Manager 6.2-6.2.3-25426-3 - Arbitrary File Read via File Sharing Management Component

CVE-2021-29084 HIGH

Synology DSM <6.2.3-25426-3 & DSM UC <3.1-23033 Arbitrary File Read

CVE-2021-0553 HIGH

Android 11 - Local Privilege Escalation via AppSwitchPreference UI Bypass

CVE-2021-0551 MEDIUM

Android 11 - Denial of Service via Malicious Media File in MediaControlPanel

CVE-2021-0567 HIGH

Android - Local Privilege Escalation via Font File Injection in RemoteViews

CVE-2021-20736 CRITICAL

GROWI < 4.2.20 - NoSQL Injection

CVE-2021-29702 HIGH

IBM Db2 11.1-11.1.4 - Denial of Service via Crafted SELECT Statement

CVE-2021-28979 MEDIUM

SafeNet KeySecure < 8.12.0 - HTTP Response Splitting via Crafted URL

CVE-2021-25682 HIGH

Apport 2.20.1-0ubuntu1-2.20.1-0ubuntu2.30 - Information Disclosure via /proc/pid/status Parsing

CVE-2021-33668 HIGH

SAP InfraBox < 1.2.1 - Unauthenticated LDAP Injection

Previous Page 171 of 194 Next

Details

Vulnerabilities 4,829

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy