CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2026-3753 MEDIUM
SourceCodester Sales and Inventory System <1.0 - SQL Injection
CVSS 6.3
CVE-2026-3752 MEDIUM
SourceCodester Employee Task Management System <1.0 - SQL Injection
CVSS 4.7
CVE-2026-3751 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2026-3747 HIGH
itsourcecode University Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3746 HIGH
SourceCodester Tourism Website 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3745 MEDIUM
Student Web Portal 1.0 - SQL Injection
CVSS 6.3
CVE-2026-3744 HIGH
Student Web Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3740 HIGH
itsourcecode University Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3736 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3735 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3730 HIGH
Free Hotel Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3723 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3711 MEDIUM
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 4.7
CVE-2026-3710 MEDIUM
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 4.7
CVE-2026-3709 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3708 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3705 HIGH
Simple Flight Ticket Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3704 MEDIUM
Wavlink NU516U1 251208 - Command Injection
CVSS 4.7
CVE-2026-3682 MEDIUM
welovemedia FFmate <=2.0.15 - Command Injection
CVSS 6.3
CVE-2026-3680 MEDIUM
RyuzakiShinji biome-mcp-server <=1.0.0 - Command Injection
CVSS 6.3
CVE-2026-3672 MEDIUM
JeecgBoot <= 3.9.1 - SQL Injection via isExistSqlInjectKeyword Function
CVSS 6.3
CVE-2026-30852 HIGH
Caddy 2.7.5-2.11.2 - Info Disclosure
CVSS 7.5
CVE-2026-29186 HIGH
Backstage plugin-techdocs-node < 1.14.3 - Arbitrary Code Execution via MkDocs Configuration Bypass
CVSS 7.7
CVE-2026-3662 MEDIUM
Wavlink WL-NU516U1 240425 - Command Injection
CVSS 4.7
CVE-2026-3661 MEDIUM
Wavlink WL-NU516U1 240425 - Command Injection
CVSS 4.7
Details
Vulnerabilities 4,795
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits