Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,837 vulnerabilities with CWE-74

CVE-2020-16254 MEDIUM

Chartkick < 3.3.2 - CSS Injection

CVE-2020-7695 MEDIUM

Uvicorn < 0.11.7 - HTTP Response Splitting via CRLF Injection in HTTP Headers

CVE-2020-15953 HIGH

LibEtPan < 1.9.4 - Response Injection via STARTTLS Buffering Issue

CVE-2020-15111 MEDIUM

Fiber < 1.12.6 - CRLF Injection via Attachment Filename

CVE-2020-14928 MEDIUM

evolution-data-server <3.36.3 - Response Injection

CVE-2020-14505 CRITICAL

Advantech iView < 5.6 - Remote Code Execution via HTTP Request Command Injection

CVE-2020-5246 HIGH

Traccar < 4.9 - LDAP Injection via User Input in LDAP Search Filter

CVE-2020-9376 HIGH

D-Link DIR-610 Firmware - Information Disclosure via getcfg.php

CVE-2020-11994 HIGH

Apache Camel 2.22.0-2.22.5 - Server-Side Template Injection and Arbitrary File Disclosure

CVE-2020-12736 HIGH

Code42 < 7.0.4 - Remote Code Execution via Email Invitation Subject Template Injection

CVE-2020-4027 MEDIUM

Atlassian Confluence < 7.4.5 and 7.5.0 - Authenticated Velocity Template Injection via Custom User Macros

CVE-2020-10753 MEDIUM

Red Hat Ceph Storage RadosGW - HTTP Header Injection

CVE-2020-15011 MEDIUM

GNU Mailman <2.1.33 - Code Injection

CVE-2020-14954 MEDIUM

Mutt <1.14.4-NeoMutt <2020-06-19 - Response Injection

CVE-2020-13262 MEDIUM

GitLab CE/EE <13.0.1 - Code Injection

CVE-2020-9495 MEDIUM

Apache Archiva < 2.2.5 - LDAP Injection via Login Form

CVE-2020-13445 HIGH

Liferay Portal <7.3.2 & DXP 7.0-7.2 - RCE

CVE-2020-11078 MEDIUM

httplib2 < 0.18.0 - HTTP Request Smuggling via CRLF Injection

CVE-2020-5574 MEDIUM

Movable Type <7.2.1, <6.5.3, <6.3.11 - Code Injection

CVE-2020-11060 HIGH

GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality

CVE-2020-6245 MEDIUM

SAP BusinessObjects <4.2 - Code Injection

CVE-2020-12790 HIGH

nystudio107 SEOmatic < 3.2.49 - Server-Side Template Injection via Twig Template

CVE-2020-11056 HIGH

Sprout Forms < 3.9.0 - Server-Side Template Injection via Notification Email Custom Fields

CVE-2020-3246 MEDIUM

Cisco Umbrella - CRLF Injection via Crafted URL

CVE-2020-12108 MEDIUM

GNU Mailman < 2.1.31 - Arbitrary Content Injection via /options/mailman

Previous Page 178 of 194 Next

Details

Vulnerabilities 4,837

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy