Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,829 vulnerabilities with CWE-74

CVE-2021-30540 MEDIUM

Google Chrome < 91.0.4472.77 - Domain Spoofing via Payments Security UI

CVE-2021-31249 MEDIUM

CHIYU BF-430, BF-431, and BF-450M Firmware - CRLF Injection via Redirect Parameter

CVE-2021-30506 HIGH

Google Chrome < 90.0.4430.212 - Script Injection via Web App Install

CVE-2021-32647 HIGH

Emissary - Authenticated Remote Code Execution via CreatePlace Endpoint sppClassName Parameter

CVE-2021-32642 HIGH

radsecproxy - Configuration Injection via Crafted RadSec Peer Discovery DNS Records

CVE-2021-29210 MEDIUM

HP Integrated Lights-Out 4 < 2.78 and iLO 5 < 2.44 - DOM-Based Cross-Site Scripting and CRLF Injection

CVE-2021-29209 MEDIUM

HPE Integrated Lights-Out 4 < 2.78 and iLO 5 < 2.44 - Remote DOM-Based Cross-Site Scripting and CRLF Injection

CVE-2021-29208 MEDIUM

HPE Integrated Lights-Out 4 < 2.78 and iLO 5 < 2.44 - Remote DOM-Based Cross-Site Scripting and CRLF Injection

CVE-2021-29414 MEDIUM

STM32CubeL4 Firmware < 1.17.0 - Improper Access Control

CVE-2021-32622 MEDIUM

matrix-react-sdk < 3.21.0 - Local Script Execution via File Preview

CVE-2021-3524 MEDIUM

Red Hat Ceph Storage RadosGW <14.2.21 - HTTP Header Injection

CVE-2021-30214 MEDIUM

Knowage Suite 7.3 - Stored Client-Side Template Injection via Name Parameter

CVE-2021-27614 HIGH

SAP Business One Hana Chef Cookbook - Code Injection

CVE-2021-29502 HIGH

warnsystem < 1.3.18 - Information Disclosure via Unsanitized Template

CVE-2021-29501 HIGH

dav-cogs < 1.0.1 - Information Exposure in Ticketer Cog

CVE-2021-3154 HIGH

SolarWinds Serv-U < 15.2.2 - Unauthenticated Cleartext Password Exposure via Macro Injection

CVE-2021-31164 HIGH

Apache Unomi <1.5.5 - Info Disclosure

CVE-2021-22331 HIGH

HUAWEI P30 Firmware < 10.1.0.165(C01E165R2P11) - JavaScript Injection via Malicious Application Request

CVE-2021-0268 HIGH

Juniper Networks Junos OS - Buffer Overflow

CVE-2021-28829 MEDIUM

TIBCO Administrator - Enterprise Edition <= 5.10.2 and 5.11.0-5.11.1 - Persistent CSV Injection in Administration GUI

CVE-2021-31402 HIGH

dio 4.0.0-4.9.9 - CRLF Injection via HTTP Method String

CVE-2021-27182 HIGH

MDaemon < 20.0.4 - IFRAME Injection in Webmail via Email Message

CVE-2021-22879 HIGH

Nextcloud Desktop Client <3.1.3 - Code Injection

CVE-2021-30057 MEDIUM

Knowage < 7.4 - Stored HTML Injection via LABEL and NAME Parameters

CVE-2021-21420 HIGH

Stripe for Visual Studio Code < 1.7.3 - Remote Code Execution via Malicious Repository Settings

Previous Page 172 of 194 Next

Details

Vulnerabilities 4,829

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy