CWE-74
High likelihoodImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,516 vulnerabilities with CWE-74
CVE-2026-6219
MEDIUM
aandrew-me ytDownloader Compressor Feature compressor.js child_process.exec command injection
CVSS 5.3
CVE-2026-6202
MEDIUM
code-projects Easy Blog Site post.php sql injection
CVSS 6.3
CVE-2026-6193
HIGH
PHPGurukul Daily Expense Tracking System register.php sql injection
CVSS 7.3
CVE-2026-6191
MEDIUM
itsourcecode Construction Management System equipments.php sql injection
CVSS 6.3
CVE-2026-6190
MEDIUM
itsourcecode Construction Management System employees.php sql injection
CVSS 6.3
CVE-2026-6189
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-6188
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-6187
HIGH
SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
CVSS 7.3
CVE-2026-6183
HIGH
code-projects Simple Content Management System index.php sql injection
CVSS 7.3
CVE-2026-6182
HIGH
code-projects Simple Content Management System login.php sql injection
CVSS 7.3
CVE-2026-6167
HIGH
code-projects Faculty Management System subject-print.php sql injection
CVSS 7.3
CVE-2026-6166
HIGH
code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection
CVSS 7.3
CVE-2026-6165
HIGH
code-projects Vehicle Showroom Management System Login_check.php sql injection
CVSS 7.3
CVE-2026-6164
HIGH
code-projects Lost and Found Thing Management addcat.php sql injection
CVSS 7.3
CVE-2026-6163
HIGH
code-projects Lost and Found Thing Management catageory.php sql injection
CVSS 7.3
CVE-2026-6161
HIGH
code-projects Simple ChatBox Endpoint insert.php sql injection
CVSS 7.3
CVE-2026-6153
HIGH
code-projects Vehicle Showroom Management System StaffDetailsFunction.php sql injection
CVSS 7.3
CVE-2026-6152
HIGH
code-projects Vehicle Showroom Management System StaffAddingFunction.php sql injection
CVSS 7.3
CVE-2026-6151
HIGH
code-projects Vehicle Showroom Management System PaymentStatusFunction.php sql injection
CVSS 7.3
CVE-2026-6149
HIGH
code-projects Vehicle Showroom Management System BookVehicleFunction.php sql injection
CVSS 7.3
CVE-2026-6148
HIGH
code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql injection
CVSS 7.3
CVE-2026-6142
HIGH
tushar-2223 Hotel Management System roomdelete.php sql injection
CVSS 7.3
CVE-2026-6125
MEDIUM
Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection
CVSS 6.3
CVE-2026-6118
MEDIUM
AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection
CVSS 6.3
CVE-2026-6110
HIGH
FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection
CVSS 7.3
Details
Vulnerabilities
4,516
Exploit Likelihood
High