CWE-74
High likelihoodImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,516 vulnerabilities with CWE-74
CVE-2026-7290
MEDIUM
JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
CVSS 6.3
CVE-2026-7283
MEDIUM
SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection
CVSS 4.7
CVE-2026-7282
MEDIUM
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_expired sql injection
CVSS 4.7
CVE-2026-7268
MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_category sql injection
CVSS 6.3
CVE-2026-7267
MEDIUM
SourceCodester Pizzafy Ecommerce System view_prod.php sql injection
CVSS 6.3
CVE-2026-7266
MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection
CVSS 6.3
CVE-2026-7265
MEDIUM
SourceCodester Pizzafy Ecommerce System index.php category sql injection
CVSS 6.3
CVE-2026-7264
MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_items sql injection
CVSS 6.3
CVE-2026-7229
MEDIUM
code-projects Coaching Management System POST reply.php sql injection
CVSS 6.3
CVE-2026-7228
HIGH
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
CVSS 7.3
CVE-2026-7227
HIGH
SourceCodester Pizzafy Ecommerce System ajax.php login sql injection
CVSS 7.3
CVE-2026-7226
HIGH
SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection
CVSS 7.3
CVE-2026-7225
HIGH
SourceCodester Pizzafy Ecommerce System ajax.php delete_menu sql injection
CVSS 7.3
CVE-2026-7224
HIGH
SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection
CVSS 7.3
CVE-2026-7215
HIGH
egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection
CVSS 7.3
CVE-2026-7211
HIGH
dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection
CVSS 7.3
CVE-2026-7206
HIGH
dubydu sqlite-mcp entry.py extract_to_json sql injection
CVSS 7.3
CVE-2026-7199
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7196
MEDIUM
CodeAstro Online Classroom guestdetails sql injection
CVSS 6.3
CVE-2026-7194
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-7160
HIGH
Tenda HG3 formTracert command injection
CVSS 8.8
CVE-2026-7157
HIGH
disler aider-mcp-server aider_ai_code server.py command injection
CVSS 7.3
CVE-2026-7148
MEDIUM
CodeAstro Online Classroom addnewfaculty sql injection
CVSS 6.3
CVE-2026-7143
MEDIUM
1000 Projects Portfolio Management System MCA block_status.php sql injection
CVSS 6.3
CVE-2026-7131
HIGH
code-projects Online Lot Reservation System loginuser.php sql injection
CVSS 7.3
Details
Vulnerabilities
4,516
Exploit Likelihood
High