Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74

CVE-2020-9757 CRITICAL

Craft CMS SEOmatic < 3.3.0 - Server-Side Template Injection via Metacontainers Controller

CVE-2020-5249 MEDIUM

Puma < 3.12.3 and 3.12.4 - HTTP Response Splitting via Early-Hints Header Injection

CVE-2020-5247 MEDIUM

Puma < 3.12.3 - HTTP Response Splitting via Header Injection

CVE-2020-9382 MEDIUM

Widgets extension < 1.4.0 - Unauthenticated Arbitrary Wiki Page Execution via #widget Parser Function

CVE-2020-5245 HIGH

Dropwizard-Validation < 1.3.19 - Remote Code Execution via Java Expression Language Injection

CVE-2020-8800 HIGH

SuiteCRM <= 7.11.11 - PHP Object Injection via EmailsControllerActionGetFromFields

CVE-2020-5230 HIGH

Opencast < 7.6 - Path Traversal and Arbitrary File Write via Media Package Identifier

CVE-2020-8093 MEDIUM

Bitdefender Antivirus for Mac < 8.0.0 - Code Injection via DYLD Environment Variable

CVE-2020-5219 HIGH

peerigon angular-expressions < 1.0.1 - Remote Code Execution via Expression Compilation

CVE-2020-5217 MEDIUM

Secure Headers < 3.8.0, 5.1.0, 6.2.0 - Directive Injection via Semicolon in CSP Directives

CVE-2020-5216 MEDIUM

Secure Headers < 3.9.0, 5.2.0-6.3.0 - Directive Injection via Newline in Content-Security-Policy

CVE-2019-25150 HIGH

Email Templates <1.3 - Code Injection

CVE-2019-25031 MEDIUM

Unbound <1.9.5 - Configuration Injection

CVE-2019-20409 CRITICAL

Atlassian Jira < 8.8.0 - Remote Code Execution via Velocity Template Injection

CVE-2019-16385 MEDIUM

Cybele Thinfinity VirtualUI 2.5.17.2 - Reflected XSS

CVE-2019-13285 HIGH

CoSoSys Endpoint Protector 5.1.0.2 - Host Header Injection

CVE-2019-12425 HIGH

Apache OFBiz 17.12.01 - Host Header Injection

CVE-2019-18860 MEDIUM

Squid < 4.9 - Cross-Site Scripting via cachemgr.cgi Host Parameter

CVE-2019-12416 MEDIUM

Apache DeltaSpike < 1.9.2 and 1.9.4 - Injection in ClientSideWindowStrategy

CVE-2019-11073 HIGH

PRTG Network Monitor < 19.4.54.1506 - Authenticated RCE via HttpTransactionSensor.exe

CVE-2019-19614 HIGH

Halvotec RAQuest <10.24.11206.1 - Command Injection

CVE-2019-10795 MEDIUM

undefsafe < 2.0.3 - Prototype Pollution via __proto__ Payload

CVE-2019-10794 MEDIUM

component-flatten - Prototype Pollution via __proto__ Payload

CVE-2019-10793 MEDIUM

dot-object < 2.1.3 - Prototype Pollution via __proto__ Payload

CVE-2019-10792 MEDIUM

bodymen < 1.1.1 - Prototype Pollution via __proto__ Payload

Previous Page 180 of 194 Next

Details

Vulnerabilities 4,843

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy