Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,516 vulnerabilities with CWE-74

CVE-2026-7028 MEDIUM

CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection

CVE-2026-7023 MEDIUM

ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

CVE-2026-7002 HIGH

KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection

CVE-2026-6994 MEDIUM

Envoy Query Parameter header_mutation.cc params.add injection

CVE-2026-6991 MEDIUM

colinhacks Zod CUID Data Type regexes.ts sql injection

CVE-2026-6989 MEDIUM

Tenda F453 Telnet Service telnet TendaTelnet command injection

CVE-2026-6987 HIGH

PicoClaw Web Launcher Management Plane restart command injection

CVE-2026-6982 MEDIUM

star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

CVE-2026-6980 HIGH

Divyanshu-hash GitPilot-MCP main.py repo_path command injection

CVE-2026-6978 MEDIUM

JiZhiCMS addcache.html htmlspecialchars_decode sql injection

CVE-2026-41319 MEDIUM

MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

CVE-2026-6799 MEDIUM

Comfast CF-N1-S Endpoint mbox-config command injection

CVE-2026-1089 MEDIUM

User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

CVE-2026-0972 MEDIUM

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

CVE-2026-6629 HIGH

Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

CVE-2026-6628 MEDIUM

phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

CVE-2026-6603 HIGH

modelscope agentscope _python.py execute_shell_command code injection

CVE-2026-6599 MEDIUM

langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection

CVE-2026-6595 HIGH

ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection

CVE-2026-6576 MEDIUM

liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

CVE-2026-6562 HIGH

dameng100 muucmf index.html getListByPage sql injection

CVE-2026-6490 HIGH

QueryMine sms GET Request Parameter deletecourse.php sql injection

CVE-2026-6488 MEDIUM

QueryMine sms GET Request Parameter editcourse.php sql injection

CVE-2026-5797 MEDIUM

Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields

CVE-2026-39419 LOW

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

Previous Page 4 of 181 Next

Details

Vulnerabilities 4,516

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy