CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,792 vulnerabilities with CWE-74
CVE-2026-11456 HIGH
Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection
CVSS 7.3
CVE-2026-11455 MEDIUM
FoundationAgents MetaGPT common.py check_cmd_exists command injection
CVSS 5.0
CVE-2026-11453 MEDIUM
Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection
CVSS 6.3
CVE-2026-11452 HIGH
GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection
CVSS 7.3
CVE-2026-11451 HIGH
GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection
CVSS 7.3
CVE-2026-11450 HIGH
GL.iNet GL-MT3000 Path Normalization dlopen command injection
CVSS 7.3
CVE-2026-11449 MEDIUM
GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection
CVSS 6.3
CVE-2026-11448 MEDIUM
GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection
CVSS 4.7
CVE-2026-11447 MEDIUM
GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection
CVSS 6.3
CVE-2026-11435 HIGH
Jinher OA nextselectplan.aspx sql injection
CVSS 7.3
CVE-2026-11412 MEDIUM
Jinher OA GetFormSn.aspx sql injection
CVSS 6.3
CVE-2026-11406 MEDIUM
GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
CVSS 6.3
CVE-2026-11342 HIGH
code-projects Hotel and Tourism Reservation System details.php sql injection
CVSS 7.3
CVE-2026-11339 MEDIUM
D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
CVSS 6.3
CVE-2026-11334 HIGH
tittuvarghese CollegeManagementSystem fetch.php sql injection
CVSS 7.3
CVE-2026-10878 MEDIUM
D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
CVSS 6.3
CVE-2026-10877 HIGH
SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection
CVSS 7.3
CVE-2026-47644 MEDIUM
Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-10875 MEDIUM
projectworlds Online Art Gallery Shop Project adminHome.ph sql injection
CVSS 6.3
CVE-2026-10874 MEDIUM
projectworlds Online Art Gallery Shop Project adminHome.php sql injection
CVSS 6.3
CVE-2026-41237 HIGH
Froxlor <2.3.7 DNS Record Validation - Zone File Injection
CVE-2026-41234 HIGH
Froxlor: BIND Zone File Injection via TXT Record Content
CVSS 7.6
CVE-2026-10811 MEDIUM
itsourcecode Fees Management System receipt.php sql injection
CVSS 6.3
CVE-2026-10809 MEDIUM
itsourcecode Fees Management System manage_user.php sql injection
CVSS 6.3
CVE-2026-10808 MEDIUM
itsourcecode Fees Management System manage_student.php sql injection
CVSS 6.3
Details
Vulnerabilities 4,792
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits