Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,805 vulnerabilities with CWE-74

CVE-2025-8937 MEDIUM

TOTOLINK N350R 1.2.3-B20130826 - OS Command Injection via formSysCmd

CVE-2025-8936 HIGH

1000 Projects Sales Management System 1.0 - SQL Injection via select2 Parameter in dordupdate.php

CVE-2025-8935 HIGH

1000 Projects Sales Management System 1.0 - SQL Injection via Username Parameter in custcmp.php

CVE-2025-8932 HIGH

1000projects Sales Management System 1.0 - SQL Injection via ssalescat Parameter

CVE-2025-8931 MEDIUM

Medical Store Management System 1.0 - SQL Injection via ChangePassword.java newPassTxt Parameter

CVE-2025-8930 MEDIUM

Medical Store Management System 1.0 - SQL Injection via Update Company Page companyNameTxt Parameter

CVE-2025-8929 MEDIUM

Medical Store Management System 1.0 - SQL Injection via MainPanel.java searchTxt Argument

CVE-2025-8928 MEDIUM

Medical Store Management System 1.0 - SQL Injection via UpdateMedicines.java productNameTxt Parameter

CVE-2025-8926 HIGH

SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via Username Parameter in login.php

CVE-2025-8925 HIGH

itsourcecode Sports Management System 1.0 - SQL Injection via /Admin/match.php Code Parameter

CVE-2025-8924 HIGH

Campcodes Online Water Billing System 1.0 - SQL Injection via /viewbill.php ID Parameter

CVE-2025-8923 HIGH

Job Diary 1.0 - SQL Injection via ID Parameter in edit-details.php

CVE-2025-8922 HIGH

Job Diary 1.0 - SQL Injection via /admin-inbox.php ID Parameter

CVE-2025-8921 HIGH

Job Diary 1.0 - SQL Injection via job_title Parameter in /user-apply.php

CVE-2025-8908 MEDIUM

Lingdang CRM < 8.6.5.4 - SQL Injection via openid Parameter in event.php

CVE-2025-8811 HIGH

code-projects Simple Art Gallery 1.0 - SQL Injection via fname Parameter in Admin Registration

CVE-2025-8809 HIGH

Online Medicine Guide 1.0 - SQL Injection via /addelidetails.php del Parameter

CVE-2025-8808 MEDIUM

xujeff tianti <= 2.3 - CSV Injection via exportOrder Function

CVE-2025-8806 MEDIUM

zhilink ADP Application Developer Platform 1.0.0 - SQL Injection via extId Parameter

CVE-2025-8773 HIGH

DahuaTech Monitoring Platform 1.0 - SQL Injection via userBean.loginName Parameter

CVE-2025-8752 HIGH

wangzhixuan spring-shiro-training - OS Command Injection via /role/add Endpoint

CVE-2025-8744 HIGH

CesiumLab Web < 4.0 - SQL Injection via ID Parameter in /lodmodels/

CVE-2025-8706 MEDIUM

Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via MM_MenID Parameter

CVE-2025-8705 MEDIUM

Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via BP_ProID Parameter

CVE-2025-8704 MEDIUM

Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 - SQL Injection via Analysis Conclusion Query Module

Previous Page 80 of 193 Next

Details

Vulnerabilities 4,805

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy