Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74

CVE-2025-14090 MEDIUM

Amttgroup Hibos - Injection

CVE-2025-14012 MEDIUM

jizhicms < 2.5.5 - SQL Injection via Batch Delete Comments Function

CVE-2025-14011 MEDIUM

jizhicms < 2.5.5 - SQL Injection via Add Display Name Field aid/tid Parameter

CVE-2025-13811 MEDIUM

jsnjfz WebStack-Guns 1.0 - SQL Injection via Sort Parameter

CVE-2025-13800 MEDIUM

ADSLR NBR1005GPEV2 < 250814-r037c - OS Command Injection via set_mesh_disconnect mac Parameter

CVE-2025-13799 MEDIUM

ADSLR B-QE2W401 Firmware < 250814-r037c - OS Command Injection via /send_order.cgi mac Parameter

CVE-2025-13798 MEDIUM

ADSLR NBR1005GPEV2 < 250814-r037c - Remote Command Injection via send_order.cgi mac Parameter

CVE-2025-13797 MEDIUM

ADSLR B-QE2W401 < 250814-r037c - OS Command Injection via del_swifimac Parameter

CVE-2025-13792 HIGH

Qualitor <8.20.104/8.24.97 - Code Injection

CVE-2025-13788 HIGH

Chanjet CRM < 2025-11-06 - SQL Injection via gblOrgID Parameter in /tools/upgradeattribute.php

CVE-2025-13786 HIGH

wtcms < 2019-12-20 - Remote Code Execution via Index.php Content Argument

CVE-2025-13783 MEDIUM

wtcms < 2019-12-20 - SQL Injection via CommentadminController ids Parameter

CVE-2025-13782 HIGH

WTCMS < 2019-12-20 - SQL Injection via SlideController Delete Function

CVE-2025-66025 MEDIUM

Caido < 0.53.0 - Unauthenticated Open Redirect via Markdown Link Injection

CVE-2025-13586 MEDIUM

Online Student Clearance System 1.0 - SQL Injection via txtconfirm_password Parameter

CVE-2025-13585 HIGH

itsourcecode COVID Tracking System 1.0 - SQL Injection via Login Page Code Parameter

CVE-2025-13583 HIGH

carmelo question_paper_generator 1.0 - SQL Injection via Fname Parameter in POST Handler

CVE-2025-13582 HIGH

Jonnys Liquor 1.0 - SQL Injection via Product Parameter in GET Parameter Handler

CVE-2025-13581 MEDIUM

itsourcecode Student Information System 1.0 - SQL Injection via schedule_edit1.php schedule_id Parameter

CVE-2025-13580 MEDIUM

code-projects Library System 1.0 - SQL Injection via ID Parameter in mail.php

CVE-2025-13579 MEDIUM

code-projects Library System 1.0 - SQL Injection via /return.php ID Parameter

CVE-2025-13578 HIGH

code-projects Library System 1.0 - SQL Injection via Username Parameter in Login

CVE-2025-13575 MEDIUM

fabian blog_site 1.0 - SQL Injection via Category Handler name/field

CVE-2025-13572 HIGH

projectworlds Advanced Library Management System 1.0 - SQL Injection via admin_id Parameter in delete_admin.php

CVE-2025-13571 MEDIUM

Simple Food Ordering System 1.0 - SQL Injection via ID Parameter in listorder.php

Previous Page 48 of 192 Next

Details

Vulnerabilities 4,795

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy