CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,792 vulnerabilities with CWE-74
CVE-2026-8773
MEDIUM
linlinjava litemall Database Setting DbUtil.java load argument injection
CVSS 4.7
CVE-2026-8772
MEDIUM
linlinjava litemall Admin Endpoint sql injection
CVSS 4.7
CVE-2026-8771
HIGH
linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection
CVSS 7.3
CVE-2026-8753
MEDIUM
kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection
CVSS 6.3
CVE-2026-8734
HIGH
Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection
CVSS 7.3
CVE-2026-8724
MEDIUM
Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection
CVSS 4.7
CVE-2026-42334
HIGH
Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
CVSS 7.5
CVE-2026-44458
MEDIUM
Hono: CSS Declaration Injection via Style Object Values in JSX SSR
CVSS 4.3
CVE-2026-44455
MEDIUM
Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection
CVSS 4.7
CVE-2026-44246
HIGH
nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`
CVSS 7.2
CVE-2026-42838
MEDIUM
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS 5.4
CVE-2026-41109
HIGH
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVSS 8.8
CVE-2026-33833
HIGH
Azure Machine Learning Notebook Spoofing Vulnerability
CVSS 8.2
CVE-2026-8346
MEDIUM
D-Link DIR-816 portForward command injection
CVSS 6.3
CVE-2026-8345
MEDIUM
D-Link DIR-816 singlePortForward sub_445E7C command injection
CVSS 6.3
CVE-2026-8344
MEDIUM
D-Link DIR-816 formDMZ.cgi sub_445E7C command injection
CVSS 6.3
CVE-2026-8231
MEDIUM
CodeAstro Online Catering Ordering System deleteorder.php sql injection
CVSS 6.3
CVE-2026-8211
MEDIUM
codelibs Fess JSP File AdminDesignAction.java update code injection
CVSS 4.7
CVE-2026-8210
MEDIUM
aandrew-me tgpt Update helper.go helper.Update command injection
CVSS 5.3
CVE-2026-41885
MEDIUM
Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend
CVSS 6.5
CVE-2026-8133
HIGH
zyx0814 FilePress Shares Filelist API admin.php sql injection
CVSS 7.3
CVE-2026-8132
HIGH
CodeAstro Leave Management System login.php sql injection
CVSS 7.3
CVE-2026-8131
HIGH
SourceCodester SUP Online Shopping replymsg.php sql injection
CVSS 7.3
CVE-2026-8130
HIGH
SourceCodester SUP Online Shopping message.php sql injection
CVSS 7.3
CVE-2026-8129
HIGH
SourceCodester SUP Online Shopping wishlist.php sql injection
CVSS 7.3
Details
Vulnerabilities: 4,792
Exploit Likelihood: High