CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
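The description above is the generic weakness; every CVE listed on this page is the same pattern against a different downstream parser (a shell, an HTTP header parser, a template engine, an expression language). The Python block below is an added illustration, not code from this page or from any of the listed projects. It models two downstream components, an HTTP header parser and a POSIX shell tokenizer, and builds the same record once without neutralization and once with neutralization matched to that parser. The hostnames, header values and attacker-controlled strings are constructed for the example; nothing is executed, the shell side only tokenizes the command line.

```python
"""Added example for CWE-74: one unneutralized-input pattern, two downstream
parsers.  All hostnames, header values and attacker strings are constructed
for this illustration."""
import shlex
from email.parser import HeaderParser

CRLF = "\r\n"


# Downstream component 1: the HTTP stack that parses a response header block.

def build_redirect_vulnerable(location: str) -> str:
    """Build a Location header by concatenation (the CWE-74 pattern).

    CR and LF are the special elements of the header grammar.  Copied through
    verbatim, they end the current header line and start a new one, which the
    downstream parser then treats as a separate, attacker-chosen header.
    """
    return "Location: " + location + CRLF + CRLF


def build_redirect_hardened(location: str) -> str:
    """Neutralize by rejection: no CR, LF or NUL may reach a header value."""
    if any(ch in location for ch in "\r\n\x00"):
        raise ValueError("control characters are not allowed in a header value")
    return "Location: " + location + CRLF + CRLF


def parse_header_block(block: str) -> dict[str, str]:
    """Stand-in for the downstream HTTP parser: split the block into headers."""
    return dict(HeaderParser().parsestr(block).items())


# Downstream component 2: a POSIX shell that tokenizes a command line.

def build_ping_vulnerable(host: str) -> str:
    """Command string meant for `sh -c`.  Shell metacharacters inside `host`
    (`;`, `|`, `&`, quotes, `$(...)`) are interpreted by the shell, not passed
    to ping as part of the hostname."""
    return f"ping -c 1 {host}"


def build_ping_hardened(host: str) -> str:
    """Neutralize by quoting: shlex.quote() turns the whole value into a single
    shell word.  (Handing an argv list to subprocess without a shell avoids the
    shell parser altogether and is the better fix where possible.)"""
    return f"ping -c 1 {shlex.quote(host)}"


def shell_tokens(command: str) -> list[str]:
    """Stand-in for the downstream shell: tokenize like sh, with `;`, `|`, `&`
    and friends as separate operator tokens, without executing anything."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def demonstrate() -> dict[str, object]:
    """Run both scenarios and return what each downstream parser saw."""
    # Constructed attacker inputs: a CRLF-smuggled header and a chained command.
    evil_location = "https://example.com/" + CRLF + "Set-Cookie: session=attacker"
    evil_host = "example.com; id"

    results: dict[str, object] = {}
    results["headers_vulnerable"] = parse_header_block(
        build_redirect_vulnerable(evil_location))
    try:
        build_redirect_hardened(evil_location)
        results["headers_hardened_rejected"] = False
    except ValueError:
        results["headers_hardened_rejected"] = True

    results["shell_vulnerable"] = shell_tokens(build_ping_vulnerable(evil_host))
    results["shell_hardened"] = shell_tokens(build_ping_hardened(evil_host))
    return results


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value!r}")
```

The point the two halves share is that "special element" is defined by the downstream component, not by the product building the record: CR/LF mean nothing to a shell and `;` means nothing to an HTTP header parser, so a neutralization routine written for one parser gives no protection in front of the other. The same reasoning applies to the template-engine and expression-language entries in the list below, where the special elements are the engine's own delimiters.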

4,837 vulnerabilities with CWE-74

CVE ID           Severity  CVSS  Title
CVE-2020-27260   MEDIUM    5.3   Innokas Vital Signs Monitor VC150 <1.7.15 - Code Injection
CVE-2020-28468   HIGH      8.1   pwntools < 4.3.1 - Server-Side Template Injection in Shellcraft Generator
CVE-2020-26293   MEDIUM    6.1   HtmlSanitizer < 5.0.372 - Cross-Site Scripting Bypass via Style Tag
CVE-2020-10208   CRITICAL  9.9   Amino AK45x AK5xx AK65x Aria6xx Aria7xx Kami7B Firmware - Authenticated OS Command Injection in EntoneWebEngine
CVE-2020-16268   HIGH      8.8   1E Client 4.1.0.267 and 5.0.0.745 - Authenticated Privilege Escalation via MSI Repair Option
CVE-2020-26282   CRITICAL  10.0  browserup_proxy < 2.1.2 - Unauthenticated Remote Code Execution via Java EL Expression Injection
CVE-2020-35669   MEDIUM    6.1   dart/http < 0.12.2 and Pub/http < 0.13.3 - CRLF Injection via HTTP Method
CVE-2020-35608   HIGH      7.8   Microsoft Azure Sphere 20.07 - Remote Code Execution via AF_PACKET Socket
CVE-2020-27687   HIGH      8.8   ThingsBoard < 3.2 - Host Header Injection in Password-Reset Emails
CVE-2020-8177    HIGH      7.8   curl 7.20.0-7.70.0 - Arbitrary File Overwrite via -J Flag
CVE-2020-25967   HIGH      8.8   fastadmin V1.0.0.20200506_beta - Server-Side Template Injection in Member Center
CVE-2020-26260   MEDIUM    6.4   BookStack < 0.30.5 - Server-Side Request Forgery and Arbitrary File Access via Image URL Export Manipulation
CVE-2020-29655   HIGH      7.5   RT-AC88U Download Master <3.1.0.108 - Command Injection
CVE-2020-14193   MEDIUM    5.4   Automation for Jira < 7.1.15 - Template Injection via Mustache Partials
CVE-2020-26238   HIGH      7.9   cron-utils < 9.1.3 - Unauthenticated Remote Code Execution via Java EL Expression Injection
CVE-2020-13942   CRITICAL  9.8   Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
CVE-2020-26081   MEDIUM    6.1   Cisco IoT Field Network Director < 4.6.1 - Unauthenticated Cross-Site Scripting
CVE-2020-26884   MEDIUM    6.1   RSA Archer <6.8.0.3,6.9 - Open Redirect
CVE-2020-27627   MEDIUM    6.1   JetBrains TeamCity <2020.1.2 - Command Injection
CVE-2020-26222   HIGH      8.7   Dependabot 0.119.0.beta1-0.125.1 - Remote Code Execution via Malicious Source Branch Name
CVE-2020-28031   MEDIUM    4.3   eramba <= c2.8.1 - Authenticated HTTP Host Header Injection
CVE-2020-15238   HIGH      7.1   Blueman < 2.1.4 - Command Injection via DhcpClient D-Bus Method
CVE-2020-15244   HIGH      8.0   Magento <19.4.8-20.0.4 - Code Injection
CVE-2020-3561    MEDIUM    4.7   Cisco Adaptive Security Appliance and Firepower Threat Defense - Unauthenticated CRLF Injection via Clientless SSL VPN
CVE-2020-7749    HIGH      7.6   osm-static-maps < 3.9.0 - Cross-Site Scripting and Server-Side Request Forgery via Template Injection