Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74

CVE-2025-14968 HIGH

Simple Stock System 1.0 - SQL Injection via Email Parameter in Update Endpoint

CVE-2025-14967 HIGH

Student Management System 1.0 - SQL Injection via school_year Parameter in candidates_report.php

CVE-2025-14966 MEDIUM

fastadmin < 1.6.1.20250430 - SQL Injection via Backend Controller selectpage Function

CVE-2025-14961 HIGH

Simple Blood Donor Management System 1.0 - SQL Injection via campaignname Parameter in /editedcampaign.php

CVE-2025-14960 HIGH

Simple Blood Donor Management System 1.0 - SQL Injection via Name Parameter in editeddonor.php

CVE-2025-14959 HIGH

Simple Stock System 1.0 - SQL Injection via Username Parameter in signup.php

CVE-2025-14952 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via txtCategoryName Parameter

CVE-2025-14951 HIGH

Scholars Tracking System 1.0 - SQL Injection via post_content Parameter

CVE-2025-14950 HIGH

Scholars Tracking System 1.0 - SQL Injection via /delete_post.php ID Parameter

CVE-2025-14940 HIGH

Scholars Tracking System 1.0 - SQL Injection via /admin/delete_user.php ID Parameter

CVE-2025-14939 MEDIUM

Online Appointment Booking System 1.0 - SQL Injection via Managername Parameter

CVE-2025-14900 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection via /admin/userdelete.php ID Parameter

CVE-2025-14899 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection in Administrator Endpoint

CVE-2025-14898 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection in Administrator Endpoint

CVE-2025-14897 MEDIUM

CodeAstro Real Estate Management System 1.0 - SQL Injection via /admin/useragentdelete.php

CVE-2025-14884 HIGH

D-Link DIR-605 202WWB03 - OS Command Injection in Firmware Update Service

CVE-2025-14877 HIGH

Campcodes Supplier Management System 1.0 - SQL Injection via cmbAreaCode Parameter

CVE-2025-14856 MEDIUM

RuoYi < 4.8.1 - Remote Code Injection via /monitor/cache/getnames Fragment Parameter

CVE-2025-14837 MEDIUM

ZZCMS 2025 - Remote Code Injection in Backend Website Settings Module

CVE-2025-14834 MEDIUM

Simple Stock System 1.0 - SQL Injection via Username Parameter in checkuser.php

CVE-2025-14833 HIGH

Online Appointment Booking System 1.0 - SQL Injection via /admin/deletemanagerclinic.php Clinic Parameter

CVE-2025-14832 HIGH

Online Cake Ordering System 1.0 - SQL Injection via updateproduct.php ID Parameter

CVE-2025-14780 MEDIUM

Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 - SQL Injection

CVE-2025-14730 MEDIUM

CTCMS < 2.1.2 - Remote Code Injection via Cj_Add/Cj_Edit Argument

CVE-2025-14729 MEDIUM

CTCMS < 2.1.2 - Remote Code Execution via CT_App_Paytype Argument

Previous Page 43 of 192 Next

Details

Vulnerabilities 4,795

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy