CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,843 vulnerabilities with CWE-74
CVE-2018-21051 CRITICAL
Android N(7.x) and O(8.x) - Arbitrary Code Execution via Fingerprint Trustlet Invalid Free
CVSS 9.8
CVE-2018-20914 HIGH
cPanel < 70.0.23 - Session File Injection via OpenID Provider
CVSS 7.3
CVE-2018-20898 MEDIUM
cPanel 61.9999.55-71.9980.37 - Email Injection via cPAddons Moderation
CVSS 4.3
CVE-2018-20885 MEDIUM
cPanel < 74.0.0 - Apache HTTP Server Configuration Injection via DocumentRoot Variable Interpolation
CVSS 5.3
CVE-2018-1943 MEDIUM
IBM Cloud Private <3.1.2 - HTTP HOST header injection
CVSS 5.4
CVE-2018-4153 MEDIUM
macOS < 10.14 - Injection via Improved Validation
CVSS 5.9
CVE-2018-18996 CRITICAL
LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution
CVSS 9.8
CVE-2018-18992 HIGH
LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution
CVSS 8.8
CVE-2018-16492 CRITICAL
extend <2.0.2, 3.0.0-3.0.2 - Prototype Pollution
CVSS 9.8
CVE-2018-16491 CRITICAL
node.extend <1.1.7 - Prototype Pollution
CVSS 9.8
CVE-2018-16490 HIGH
mpath < 0.5.1 - Prototype Pollution
CVSS 7.5
CVE-2018-16489 CRITICAL
just-extend < 4.0.0 - Prototype Pollution via Function Property Injection
CVSS 9.8
CVE-2018-16486 CRITICAL
defaults-deep <=0.2.4 - Prototype Pollution
CVSS 9.8
CVE-2018-16627 MEDIUM
Kirby 2.5.12 - Host Header Injection via Forget Password Feature
CVSS 6.1
CVE-2018-1000854 CRITICAL
esigate < 5.2 - Remote Code Execution via ESI Directive with User-Specified XSLT
CVSS 9.8
CVE-2018-18250 HIGH
Icinga Web 2 < 2.6.2 - Cross-Site Scripting via Navigation Dashlet Name Parameter
CVSS 7.5
CVE-2018-20167 HIGH
Terminology < 1.3.1 - Remote Code Execution via Popmedia Control Sequence
CVSS 7.8
CVE-2018-1474 MEDIUM
IBM BigFix Platform <9.2.14, <9.5.9 - HTTP Response Splitting
CVSS 6.1
CVE-2018-1896 MEDIUM
IBM Connections 5.0, 5.5, and 6.0 - Host Header Injection
CVSS 4.6
CVE-2018-18207 MEDIUM
Virtualmin 6.03 - Frame Injection via Settings Editor File Parameter
CVSS 6.1
CVE-2018-16763 CRITICAL
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
CVSS 9.8
CVE-2018-9062 MEDIUM
Lenovo ThinkPad and V Series Firmware - Arbitrary Code Execution via Improper BIOS Region Check
CVSS 6.8
CVE-2018-1549 MEDIUM
IBM Rational Quality Manager 5.0-5.0.2 and 6.0-6.0.5 - HTTP Response Splitting via Crafted URL
CVSS 5.4
CVE-2018-4995 CRITICAL
Adobe Acrobat and Reader DC < 15.006.30417, 15.008.20082-18.011.20038 - Security Bypass via XFA Newline Injection
CVSS 9.8
CVE-2018-0313 HIGH
Cisco NX-OS - Authenticated Remote Code Execution via NX-API HTTP/HTTPS Packet
CVSS 8.8