CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2026-2527 MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2526 MEDIUM
Wavlink WL-WN579A3 <20210219 - Command Injection
CVSS 6.3
CVE-2026-2469 HIGH
directorytree/imapengine <1.22.3 - Code Injection
CVSS 7.6
CVE-2026-25814 CRITICAL
PlaciPy 1.0.0 - NoSQL Injection via DynamoDB Query Parameters
CVSS 9.8
CVE-2026-2227 MEDIUM
D-Link DCS-931L < 1.13.00 - OS Command Injection via AdminID Parameter
CVSS 4.7
CVE-2026-2225 HIGH
itsourcecode News Portal Project 1.0 - SQL Injection via Administrator Login Email Parameter
CVSS 7.3
CVE-2026-2223 HIGH
Online Reviewer System 1.0 - SQL Injection via ID Parameter
CVSS 7.3
CVE-2026-2221 HIGH
Online Reviewer System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2026-2220 HIGH
Online Reviewer System 1.0 - SQL Injection via difficulty_id Parameter
CVSS 7.3
CVE-2026-2218 MEDIUM
D-Link DCS-933L < 1.14.11 - OS Command Injection via AdminID Parameter
CVSS 6.3
CVE-2026-2217 HIGH
Event Management System 1.0 - SQL Injection via ID Parameter in manage_user.php
CVSS 7.3
CVE-2026-2212 HIGH
Online Music Site 1.0 - SQL Injection via AdminEditCategory.php ID Parameter
CVSS 7.3
CVE-2026-2211 HIGH
Online Music Site 1.0 - SQL Injection via AdminDeleteCategory.php ID Parameter
CVSS 7.3
CVE-2026-2199 HIGH
Online Reviewer System 1.0 - SQL Injection via ID Parameter in user-delete.php
CVSS 7.3
CVE-2026-2198 HIGH
Online Reviewer System 1.0 - SQL Injection via difficulty_id Parameter
CVSS 7.3
CVE-2026-2197 HIGH
Online Reviewer System 1.0 - SQL Injection via exam-delete.php test_id Parameter
CVSS 7.3
CVE-2026-2196 HIGH
Online Reviewer System 1.0 - SQL Injection via exam-update.php test_id Parameter
CVSS 7.3
CVE-2026-2195 HIGH
Online Reviewer System 1.0 - SQL Injection via ID Parameter
CVSS 7.3
CVE-2026-2194 MEDIUM
D-Link DI-7100G C1 24.04.18D1 - Remote Command Injection via start_proxy_client_email Function
CVSS 6.3
CVE-2026-2193 MEDIUM
D-Link DI-7100G C1 24.04.18D1 - OS Command Injection via usb_username Parameter
CVSS 6.3
CVE-2026-2190 HIGH
itsourcecode School Management System 1.0 - SQL Injection via ID Parameter in controller.php
CVSS 7.3
CVE-2026-2189 HIGH
itsourcecode School Management System 1.0 - SQL Injection via ay Parameter
CVSS 7.3
CVE-2026-2182 HIGH
UTT 521G 3.1.1-190816 - OS Command Injection via setSysAdm passwd1 Parameter
CVSS 7.2
CVE-2026-2179 MEDIUM
PHPGurukul Hospital Management System 4.0 - SQL Injection via /admin/manage-users.php ID Parameter
CVSS 4.7
CVE-2026-2178 MEDIUM
r-huijts xcode-mcp-server <f3419f00117aa9949e326f78cc940166c88f18cb...
CVSS 6.3