Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,829 vulnerabilities with CWE-74

CVE-2021-21372 HIGH

Nim < 1.2.10 - Remote Code Execution via Nimble doCmd Command Injection

CVE-2021-21333 MEDIUM

Synapse < 1.27.0 - HTML Injection in Notification Emails

CVE-2021-3027 MEDIUM

LibrIT PaSSHport <2.5 - Info Disclosure

CVE-2021-29156 HIGH

ForgeRock OpenAM < 13.5.1 - Unauthenticated LDAP Injection via Webfinger Protocol

CVE-2021-1432 HIGH

Cisco IOS XE SD-WAN - Authenticated Command Injection via CLI

CVE-2021-27908 MEDIUM

Mautic < 3.3.2 - Authenticated Information Disclosure via Symfony Parameter Injection

CVE-2021-28963 MEDIUM

Shibboleth Service Provider < 3.2.1 - Content Injection via Template Parameter

CVE-2021-26069 MEDIUM

Atlassian Jira Server/Data Center <8.5.11, 8.6.0-8.13.2, 8.14.0-8.14.9 - Unauthenticated Info Disclosure via API

CVE-2021-24144 HIGH

Contact Form 7 Database Addon <1.2.5.6 - Code Injection

CVE-2021-22191 MEDIUM

Wireshark 3.2.0-3.2.11 and 3.4.0-3.4.3 - Remote Code Execution via Packet Injection or Crafted Capture File

CVE-2021-21381 HIGH

Flatpak 0.9.4-1.10.1 - Unauthenticated Arbitrary File Access via Desktop File Token Injection

CVE-2021-21510 MEDIUM

Dell iDRAC8 < 2.75.100.75 - Unauthenticated Host Header Injection

CVE-2021-21313 MEDIUM

GLPI < 9.5.4 - Cross-Site Scripting via _target Parameter in common.tabs.php

CVE-2021-21353 MEDIUM

pug < 3.0.1 - Remote Code Execution via Pretty Option Injection

CVE-2021-27730 CRITICAL

Accellion FTA <9_12_444 - Command Injection

CVE-2021-27132 CRITICAL

SerComm AG Combo VD625 AGSOT_2.1.0 - HTTP Header Injection via Content-Disposition Header

CVE-2021-3197 CRITICAL

Salt < 2015.8.10 - Injection

CVE-2021-26068 HIGH

Atlassian Jira Server for Slack 0.0.3-2.0.14 - Remote Code Execution via Template Injection

CVE-2021-21316 MEDIUM

less-openui5 < 0.10.0 - Remote Code Execution via Inline JavaScript in Less Files

CVE-2021-20644 MEDIUM

ELECOM WRC-1467GHBK-A Firmware - Stored Cross-Site Scripting via SSID Display

CVE-2021-23335 HIGH

Package is-user-valid - LDAP Injection

CVE-2021-21479 CRITICAL

SAP SCIMono < 0.0.19 - Remote Code Execution via Java Expression Injection

CVE-2021-21141 MEDIUM

Google Chrome <88.0.4324.96 - Info Disclosure

CVE-2021-21137 MEDIUM

Google Chrome <88.0.4324.96 - Info Disclosure

CVE-2021-21305 HIGH

CarrierWave <2.1.1 - Code Injection

Previous Page 173 of 194 Next

Details

Vulnerabilities 4,829

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy