Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74

CVE-2025-12313 MEDIUM

D-Link DI-7001 MINI 19.09.19A1/24.04.18B1 - OS Command Injection via /msp_info.htm cmd Parameter

CVE-2025-12309 HIGH

Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in friendprofile.php

CVE-2025-12308 HIGH

Nero Social Networking Site 1.0 - SQL Injection via deletemessage.php message_id Parameter

CVE-2025-12307 HIGH

Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in addfriend.php

CVE-2025-12306 HIGH

Nero Social Networking Site 1.0 - SQL Injection via ID Parameter in acceptoffres.php

CVE-2025-12294 MEDIUM

SourceCodester Point of Sales 1.0 - SQL Injection via delete_category.php ID Parameter

CVE-2025-12293 HIGH

SourceCodester Point of Sales 1.0 - SQL Injection via Category Parameter in category.php

CVE-2025-12292 HIGH

SourceCodester Point of Sales 1.0 - SQL Injection via Username Parameter

CVE-2025-12287 MEDIUM

Bdtask Wholesale < 2025-10-13 - SQL Injection via Admin Dashboard Edit Profile

CVE-2025-12277 HIGH

Abdullah-Hasan-Sajjad Online-School <f09dda77b4c29aa083ff57f4b1eb99...

CVE-2025-12266 MEDIUM

Zytec Dalian Zhuoyun Technology Central Authentication Service <202...

CVE-2025-12263 MEDIUM

Online Event Judging System 1.0 - SQL Injection via judge_id Parameter in edit_judge.php

CVE-2025-12262 MEDIUM

Online Event Judging System 1.0 - SQL Injection via crit_id Parameter in edit_criteria.php

CVE-2025-12261 MEDIUM

CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in remove-announcement.php

CVE-2025-12257 HIGH

SourceCodester Online Student Result System 1.0 - SQL Injection via ID Parameter in view_result.php

CVE-2025-12256 MEDIUM

Online Event Judging System 1.0 - SQL Injection via contestant_id Parameter

CVE-2025-12255 MEDIUM

Online Event Judging System 1.0 - SQL Injection via fullname Parameter

CVE-2025-12254 MEDIUM

Online Event Judging System 1.0 - SQL Injection via fullname Parameter in add_judge.php

CVE-2025-12253 HIGH

Amttgroup Hibos - Injection

CVE-2025-12252 MEDIUM

Online Event Judging System 1.0 - SQL Injection via /ajax/action.php Content Parameter

CVE-2025-12249 MEDIUM

Axosoft Scrum and Bug Tracking 22.1.1.11545 - Code Injection

CVE-2025-12248 HIGH

CLTPHP 3.0 - SQL Injection via /home/search.html Keyword Parameter

CVE-2025-12243 MEDIUM

Client Details System 1.0 - SQL Injection via ID Parameter in welcome.php

CVE-2025-12242 MEDIUM

CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in check-attendance.php

CVE-2025-12238 MEDIUM

Automated Voting System 1.0 - SQL Injection via Username Parameter in /admin/user.php

Previous Page 55 of 192 Next

Details

Vulnerabilities 4,795

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy