CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

45 vulnerabilities with CWE-943
CVE-2026-33566 MEDIUM
LogonTracer <2.0.0 - Cypher Injection
CVSS 4.3
CVE-2026-41328 CRITICAL
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
CVSS 9.1
CVE-2026-41327 CRITICAL
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
CVSS 9.1
CVE-2026-41274 CRITICAL
Flowise: Cypher Injection in GraphCypherQAChain
CVE-2026-6626 MEDIUM
Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection
CVSS 6.3
CVE-2026-40352 HIGH
FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover
CVSS 8.8
CVE-2026-40351 CRITICAL
FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass
CVSS 9.8
CVE-2026-34973 MEDIUM
phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
CVSS 5.3
CVE-2026-33980 HIGH
Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries
CVSS 8.3
CVE-2026-22558 HIGH
Ubiquiti INC Unifi Network Application < 10.1.89 - SQL Injection
CVSS 7.7
CVE-2026-3023 HIGH
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application
CVSS 8.8
CVE-2026-3022 MEDIUM
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application
CVSS 6.5
CVE-2026-3021 MEDIUM
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application
CVSS 6.5
CVE-2026-32248 CRITICAL
Parse Server <9.6.0-alpha.12/8.6.38 - Auth Bypass
CVSS 9.8
CVE-2026-32247 HIGH
Graphiti <0.28.2 - Code Injection
CVSS 8.1
CVE-2026-31825 MEDIUM
Sylius <2.2.3 - SQL Injection
CVSS 5.3
CVE-2026-29793 CRITICAL
Feathersjs 5.0.0-5.0.41 - Command Injection
CVSS 9.8
CVE-2026-30941 HIGH
Parse Server <8.6.14/9.5.2-alpha.1 - NoSQL Injection
CVSS 7.5
CVE-2026-30833 MEDIUM
Rocket.Chat <8.2.0 - NoSQL Injection
CVSS 5.3
CVE-2026-28211 HIGH
NVDA Dev & Test Toolbox 2.0-8.0 - Code Injection
CVSS 7.8
CVE-2026-25591 MEDIUM
New API <0.10.8-alpha.10 - SQL Injection
CVSS 6.5
CVE-2026-25514 HIGH
Facturascripts < 2025.81 - SQL Injection
CVSS 8.8
CVE-2026-25513 HIGH
Facturascripts < 2025.81 - SQL Injection
CVSS 8.8
CVE-2026-0504 LOW
SAP Identity Management - Info Disclosure
CVSS 3.8
CVE-2025-36442 MEDIUM
IBM Db2 < 11.5.9 - Denial of Service
CVSS 6.5