Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,837 vulnerabilities with CWE-74

CVE-2020-15255 HIGH

Anuko Time Tracker <1.19.23.5325 - Info Disclosure

CVE-2020-15252 HIGH

XWiki < 11.10.6 - Authenticated Remote Code Execution via Servlet Context Access

CVE-2020-25768 MEDIUM

Contao < 4.4.52, 4.9.x < 4.9.6, 4.10.x < 4.10.1 - Insert Tag Injection in Front End Forms

CVE-2020-15227 HIGH

Nette <2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 - Code Injection

CVE-2020-26137 MEDIUM

urllib3 < 1.25.9 - CRLF Injection via HTTP Request Method

CVE-2020-21523 CRITICAL

halo CMS 1.1.3 - Server-Side Freemarker Template Injection via Edit Theme File Function

CVE-2020-26116 HIGH

Python 3.x < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.5 - HTTP Header Injection via HTTPConnection.request

CVE-2020-25596 MEDIUM

Xen 3.2.0-4.14.x - Denial of Service via SYSENTER Instruction Handling

CVE-2020-15187 LOW

Helm <2.16.11, 3.3.2 - Local Execution

CVE-2020-15186 LOW

Helm <2.16.11-3.3.2 - Code Injection

CVE-2020-15185 LOW

Helm <2.16.11, <3.3.2 - Info Disclosure

CVE-2020-15184 LOW

Helm <2.16.11, <3.3.2 - Code Injection

CVE-2020-16875 HIGH

Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE

CVE-2020-15171 MEDIUM

XWiki < 11.10.5 - Authenticated Remote Code Execution via Servlet Context Access

CVE-2020-15164 CRITICAL

Scratch Login <1.1 - Info Disclosure

CVE-2020-12855 HIGH

SecZetta NEProfile <3.3.11 - Host Header Injection

CVE-2020-13863 HIGH

Mitel MiCollab < 9.1.3 - HTTP Header Injection in SAS Portal

CVE-2020-24364 HIGH

MineTime <1.8.5 - Command Injection

CVE-2020-15147 HIGH

Red Discord Bot < 3.3.12 - Remote Code Execution via Streams Module Going Live Message

CVE-2020-15140 HIGH

Red Discord Bot < 3.3.11 - Remote Code Execution via Trivia Leaderboard Command

CVE-2020-15146 CRITICAL

SyliusResourceBundle <1.3.14-1.6.4 - RCE

CVE-2020-15143 HIGH

SyliusResourceBundle <1.3.14-1.6.4 - RCE

CVE-2020-15693 MEDIUM

Nim < 1.2.6 - CR-LF Injection in httpClient URL and Header Handling

CVE-2020-16087 HIGH

VNG Zalo Desktop 19.8.1.0 - Remote Code Execution via Crafted File

CVE-2020-17496 CRITICAL KEV

vBulletin 5.5.4-5.6.2 - Remote Command Execution via subWidgets Data in AJAX Widget Renderer

Previous Page 177 of 194 Next

Details

Vulnerabilities 4,837

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy