CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2026-1443 HIGH
Online Music Site 1.0 - SQL Injection via AdminDeleteUser.php ID Parameter
CVSS 7.3
CVE-2026-1422 HIGH
Online Examination System 1.0 - SQL Injection via User Parameter in Login Page
CVSS 7.3
CVE-2026-1419 MEDIUM
D-Link DCS-700L Firmware 1.03.09 - OS Command Injection via LightSensorControl Parameter
CVSS 4.7
CVE-2026-1414 MEDIUM
Sangfor O&M Security Management System <= 3.0.12 - OS Command Injection
CVSS 6.3
CVE-2026-1413 MEDIUM
Sangfor O&M Security Management System <= 3.0.12 - Remote Command Injection
CVSS 6.3
CVE-2026-1412 HIGH
Sangfor O&M Security Management System <= 3.0.12 - Remote Command Injection
CVSS 7.3
CVE-2026-1327 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via setTracerouteCfg POST Parameter
CVSS 6.3
CVE-2026-1326 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via Hostname Parameter in setWanCfg
CVSS 6.3
CVE-2026-24010 HIGH
horilla < 1.5.0 - Authenticated File Upload via Profile Picture
CVSS 8.0
CVE-2026-24002 CRITICAL
Grist < 1.7.9 - Pyodide Sandbox Escape Code Execution
CVSS 9.0
CVE-2026-0865 MEDIUM
Python CPython - HTTP Header Injection
CVE-2026-1192 HIGH
Tosei Online Store Management System 1.01 - Command Injection
CVSS 7.3
CVE-2026-1179 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/user_popedom.jsp folderid Parameter
CVSS 7.3
CVE-2026-1178 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/select.jsp folderid Parameter
CVSS 7.3
CVE-2026-1177 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/save_folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1176 HIGH
itsourcecode School Management System 1.0 - SQL Injection via ID Parameter in subject/index.php
CVSS 7.3
CVE-2026-1160 HIGH
PHPGurukul Directory Management System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2026-1159 HIGH
Online Frozen Foods Ordering System 1.0 - SQL Injection via product_name Parameter
CVSS 7.3
CVE-2026-1154 MEDIUM
SourceCodester E-Learning System 1.0 - Cross-Site Scripting via Lesson Module Title/Description
CVSS 4.3
CVE-2026-1150 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - Command Injection via setTracerouteCfg POST Parameter
CVSS 6.3
CVE-2026-1149 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - OS Command Injection via setDiagnosisCfg ip Parameter
CVSS 6.3
CVE-2026-1133 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1132 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmf/edit_folder.jsp folderid Parameter
CVSS 7.3
CVE-2026-1131 HIGH
Yonyou KSOA 9.0 - SQL Injection via /kmc/save_catalog.jsp catalogid Parameter
CVSS 7.3
CVE-2026-1130 HIGH
Yonyou KSOA 9.0 - SQL Injection via ID Parameter in worksheet/worksadd_plan.jsp
CVSS 7.3