Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,798 vulnerabilities with CWE-74

CVE-2025-10076 HIGH

SourceCodester Online Polling System 1.0 - SQL Injection via Email Parameter in manage-profile.php

CVE-2025-10068 HIGH

Online Discussion Forum 1.0 - SQL Injection via ID Parameter in add_views.php

CVE-2025-10062 HIGH

itsourcecode Student Information Management System 1.0 - SQL Injection via uname Parameter

CVE-2025-10033 HIGH

itsourcecode Online Discussion Forum 1.0 - SQL Injection via Username Parameter

CVE-2025-10031 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter

CVE-2025-10030 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter

CVE-2025-10025 HIGH

PHPGurukul Online Course Registration 3.1 - SQL Injection via Semester Parameter

CVE-2025-10012 MEDIUM

Portabilis i-educar < 2.10.0 - SQL Injection via ref_cod_aluno Parameter

CVE-2025-10011 MEDIUM

Portabilis i-educar < 2.10.0 - SQL Injection via ID Parameter in TabelaArredondamento Edit Endpoint

CVE-2025-6785 MEDIUM

Tesla Model 3 <2023.44 - Physical Access

CVE-2025-9935 HIGH

TOTOLINK N600R 4.3.0cu.7866_B20220506 - Unauthenticated Command Injection via cstecgi.cgi

CVE-2025-9934 MEDIUM

TOTOLINK X5000R 9.1.0cu.2415_B20250515 - OS Command Injection via pid Parameter

CVE-2025-9933 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via viewid Parameter

CVE-2025-9932 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/update-image.php lid Parameter

CVE-2025-9930 HIGH

1000projects Beauty Parlour Management System 1.0 - SQL Injection via mobnumber Parameter

CVE-2025-9928 HIGH

projectworlds Travel Management System 1.0 - SQL Injection via viewcategory.php t1 Parameter

CVE-2025-9927 HIGH

projectworlds Travel Management System 1.0 - SQL Injection via /viewpackage.php t1 Parameter

CVE-2025-9926 HIGH

projectworlds Travel Management System 1.0 - SQL Injection via /viewsubcategory.php t1 Parameter

CVE-2025-9925 HIGH

projectworlds Travel Management System 1.0 - SQL Injection via detail.php pid Parameter

CVE-2025-9924 HIGH

projectworlds Travel Management System 1.0 - SQL Injection via /enquiry.php t2 Parameter

CVE-2025-9919 HIGH

1000projects Beauty Parlour Management System 1.0 - SQL Injection via fromdate/todate Parameters

CVE-2025-9840 MEDIUM

itsourcecode Sports Management System 1.0 - SQL Injection via Gametype Code Parameter

CVE-2025-9839 HIGH

itsourcecode Student Information Management System 1.0 - SQL Injection via ID Parameter in Course Module

CVE-2025-9838 HIGH

itsourcecode Student Information Management System 1.0 - SQL Injection via ID Parameter in Subject Module

CVE-2025-9837 HIGH

itsourcecode Student Information Management System 1.0 - SQL Injection via studentId Parameter

Previous Page 71 of 192 Next

Details

Vulnerabilities 4,798

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy