Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74

CVE-2025-15420 HIGH

Yonyou KSOA 9.0 - SQL Injection via worksheetagent_work_report.jsp ID Parameter

CVE-2025-15410 HIGH

Online Guitar Store 1.0 - SQL Injection via L_email Parameter in /login.php

CVE-2025-15409 HIGH

Online Guitar Store 1.0 - SQL Injection via /admin/Delete_product.php del_pro Parameter

CVE-2025-15408 HIGH

Online Guitar Store 1.0 - SQL Injection via dre_title Parameter

CVE-2025-15407 HIGH

Online Guitar Store 1.0 - SQL Injection via Create_category.php dre_Ctitle Parameter

CVE-2025-15394 MEDIUM

idreamsoft iCMS < 8.0.0 - Remote Code Injection via Config Parameter

CVE-2025-15393 MEDIUM

KodiCMS < 13.82.135 - Remote Code Injection via Layout API Endpoint

CVE-2025-15392 MEDIUM

KodiCMS < 13.82.135 - SQL Injection via Search API Endpoint Keyword Parameter

CVE-2025-15391 MEDIUM

D-Link DIR-806A 100CNb11 - OS Command Injection in SSDP Request Handler

CVE-2025-15357 MEDIUM

D-Link DI-7400G+ 19.12.25A1 - OS Command Injection via cmd Parameter

CVE-2025-15354 HIGH

Society Management System 1.0 - SQL Injection via Username Parameter in add_admin.php

CVE-2025-15353 HIGH

itsourcecode Society Management System 1.0 - SQL Injection via Username Parameter in edit_admin_query

CVE-2025-15263 HIGH

BiggiDroid Simple PHP CMS 1.0 - SQL Injection via Admin Login Username Parameter

CVE-2025-15257 HIGH

Edimax BR-6208AC 1.02/1.03 - Command Injection via Web Configuration Interface

CVE-2025-15256 HIGH

Edimax BR-6208AC 1.02-1.03 - OS Command Injection via formStaDrvSetup rootAPmac Parameter

CVE-2025-67746 MEDIUM

Composer 2.0.0-2.2.25 and 2.0.0-2.9.2 - Terminal Output Injection via ANSI Control Characters

CVE-2025-15250 MEDIUM

08CMS Novel System <3.4 - Code Injection

CVE-2025-15243 HIGH

Simple Stock System 1.0 - SQL Injection via Username Parameter in Login

CVE-2025-15212 MEDIUM

Refugee Food Management System 1.0 - SQL Injection via regfood.php 'a' Parameter

CVE-2025-15211 MEDIUM

Refugee Food Management System 1.0 - SQL Injection via refNo/Fname/Lname/sex/age/contact/nationality_nid Parameters

CVE-2025-15210 MEDIUM

Refugee Food Management System 1.0 - SQL Injection via editrefugee.php Argument

CVE-2025-15209 MEDIUM

Refugee Food Management System 1.0 - SQL Injection via editfood.php Parameter Manipulation

CVE-2025-15208 HIGH

Refugee Food Management System 1.0 - SQL Injection via rfid Parameter in editrefugee.php

CVE-2025-15207 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via chkId[] Parameter

CVE-2025-15206 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via txtAreaCode Parameter

Previous Page 40 of 192 Next

Details

Vulnerabilities 4,795

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy