CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,798 vulnerabilities with CWE-74
CVE-2025-10413 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10409 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via fname Parameter
CVSS 6.3
CVE-2025-10408 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /edit_user.php ID Parameter
CVSS 6.3
CVE-2025-10407 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via view_user.php ID Parameter
CVSS 6.3
CVE-2025-10405 HIGH
Baptism Information Management System 1.0 - SQL Injection via bapt_id Parameter
CVSS 7.3
CVE-2025-10404 HIGH
itsourcecode Baptism Information Management System 1.0 - SQL Injection via rptbaptismal.php ID Parameter
CVSS 7.3
CVE-2025-10403 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-10402 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/readenq.php delid Parameter
CVSS 7.3
CVE-2025-10401 MEDIUM
D-Link DIR-823x Firmware < 250416 - OS Command Injection via diag_ping target_addr Parameter
CVSS 6.3
CVE-2025-10400 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection via ticket_id Parameter
CVSS 6.3
CVE-2025-10399 MEDIUM
Korzh EasyQuery <7.4.0 - SQL Injection
CVSS 6.3
CVE-2025-10396 HIGH
Pet Grooming Management Software 1.0 - SQL Injection via /admin/edit_role.php ID Parameter
CVSS 7.3
CVE-2025-10394 MEDIUM
fcba_zzm Smart Park Management System 2.0 - Remote Code Injection in Scheduled Task Module
CVSS 4.7
CVE-2025-10387 MEDIUM
codesiddhant jasmin_ransomware <= 1.0.1 - SQL Injection via handshake.php
CVSS 6.3
CVE-2025-10325 MEDIUM
Wavlink WL-WN578W2 221110 - OS Command Injection via login.cgi ipaddr Parameter
CVSS 6.3
CVE-2025-10324 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via firewall.cgi Parameter Manipulation
CVSS 7.3
CVE-2025-10323 HIGH
Wavlink WL-WN578W2 221110 - OS Command Injection via sel_EncrypTyp Parameter
CVSS 7.3
CVE-2025-10251 MEDIUM
FoxCMS < 1.24 - SQL Injection via Images.php batchCope Function
CVSS 6.3
CVE-2025-10218 MEDIUM
lostvip ruoyi-go 2.1 - SQL Injection via SysRoleDao SelectListPage sortName Parameter
CVSS 6.3
CVE-2025-10210 MEDIUM
chancms < 3.3.0 - SQL Injection via Search Function Key Parameter
CVSS 6.3
CVE-2025-10197 MEDIUM
HJSoft HCM <20250822 - SQL Injection
CVSS 6.3
CVE-2025-10107 MEDIUM
TRENDnet TEW-831DR 1.0 - Command Injection
CVSS 4.7
CVE-2025-7350 HIGH
Rockwell Automation Stratix - Malicious Configuration Remote Code Execution
CVE-2025-10123 HIGH
D-Link DIR-823X < 250416 - Unauthenticated Command Injection via Hostname Parameter
CVSS 7.3
CVE-2025-10122 MEDIUM
Maccms10 2025.1000.4050 - SQL Injection via Database Controller Rep Function
CVSS 4.7