CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2025-14222 MEDIUM
Code-Projects Employee Profile Mgmt - SQL Injection
CVSS 6.3
CVE-2025-14218 HIGH
Currency Exchange System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14217 HIGH
Currency Exchange System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14216 HIGH
Currency Exchange System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14215 HIGH
Currency Exchange System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14214 MEDIUM
itsourcecode Student Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-14212 HIGH
Advanced Library Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14211 HIGH
Advanced Library Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14210 HIGH
projectworlds Advanced Library Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14209 HIGH
Campcodes School File Mgmt Sys 1.0 - SQL Injection
CVSS 7.3
CVE-2025-14208 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 6.3
CVE-2025-14207 HIGH
tushar-2223 Hotel-Management-System - SQL Injection in /admin/invoiceprint.php
CVSS 7.3
CVE-2025-14203 MEDIUM
Code-Projects Question Paper Generator <1.0 - SQL Injection
CVSS 6.3
CVE-2025-14193 MEDIUM
Employee Profile Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-14192 HIGH
RashminDungrani online-banking - SQL Injection in /site/dist/auth_login.php
CVSS 7.3
CVE-2025-14190 HIGH
Chanjet TPlus <20251121 - SQL Injection
CVSS 7.3
CVE-2025-14189 HIGH
Chanjet CRM <20251121 - SQL Injection
CVSS 7.3
CVE-2025-14188 HIGH
UGREEN DH2100+ <5.3.0.251125 - Command Injection
CVSS 7.2
CVE-2025-14186 LOW
Grandstream GXP1625 1.0.7.4 - Cross-Site Scripting via vpn_ip Parameter
CVSS 3.5
CVE-2025-14185 MEDIUM
Yonyou U8 Cloud <5.1sp - SQL Injection
CVSS 6.3
CVE-2025-14184 MEDIUM
SGAI Space1 NAS N1211DS <1.0.915 - Command Injection
CVSS 6.3
CVE-2025-14108 HIGH
ZSPACE Q2C NAS < 1.1.0210050 - Remote Command Injection via zfilev2_api.OpenSafe
CVSS 8.8
CVE-2025-14107 HIGH
ZSPACE Q2C NAS < 1.1.0210050 - Remote Command Injection via SafeStatus safe_dir Parameter
CVSS 8.8
CVE-2025-14106 HIGH
ZSPACE Q2C NAS <= 1.1.0210050 - OS Command Injection via zfilev2_api.CloseSafe
CVSS 8.8
CVE-2025-14091 HIGH
TrippWasTaken PHP-Guitar-Shop - SQL Injection in Product Details Page
CVSS 7.3
Details
Vulnerabilities 4,795
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits