Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-943

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

56 vulnerabilities with CWE-943

CVE-2026-32247 HIGH

graphiti-core < 0.28.2 - Cypher Injection via SearchFilters.node_labels

CVE-2026-31825 MEDIUM

Sylius SQL Injection via Order Direction Parameter

CVE-2026-29793 CRITICAL

Feathersjs 5.0.0-5.0.41 - Command Injection

CVE-2026-30941 HIGH

Parse Server <8.6.14/9.5.2-alpha.1 - NoSQL Injection

CVE-2026-30833 MEDIUM

Rocket.Chat <8.2.0 - NoSQL Injection

CVE-2026-28211 HIGH

NVDA Dev & Test Toolbox 2.0-8.0 - Code Injection

CVE-2026-25591 MEDIUM

New API <0.10.8-alpha.10 - SQL Injection

CVE-2026-25514 HIGH

FacturaScripts < 2025.81 - Authenticated SQL Injection via Autocomplete CodeModel::all() Method

CVE-2026-25513 HIGH

FacturaScripts < 2025.81 - Authenticated SQL Injection via REST API Sort Parameter

CVE-2026-0504 LOW

SAP Identity Management - Info Disclosure

CVE-2025-36442 MEDIUM

IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via Crafted Query with XML Columns

CVE-2025-36366 MEDIUM

IBM Db2 11.5.0-11.5.8 - Denial of Service via JSON_Object Scalar Function

CVE-2025-36353 MEDIUM

IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via Data Query Logic

CVE-2025-42884 MEDIUM

SAP NetWeaver Enterprise Portal - Info Disclosure

CVE-2025-36185 MEDIUM

IBM Db2 12.1.0-12.1.2 - Denial of Service via Data Query Logic

CVE-2025-23292 MEDIUM

NVIDIA Delegated Licensing Service - SQL Injection

CVE-2025-33114 MEDIUM

IBM Db2 12.1.0-12.1.2 - Denial of Service via Specially Crafted Query

CVE-2025-24787 HIGH

WhoDB < 0.45.0 - Parameter Injection in Database Connection String

CVE-2024-4872 CRITICAL

MicroSCADA Pro/X SYS600 - Code Injection

CVE-2024-35136 MEDIUM

IBM Db2 10.5-11.5 - Denial of Service via Specially Crafted Query

CVE-2024-31882 MEDIUM

IBM Db2 11.1-11.5 - Authenticated Denial of Service via Crafted SQL Statement

CVE-2024-28192 MEDIUM

your_spotify < 1.8.0 - Unauthenticated NoSQL Injection in Public Access Token Processing

CVE-2022-36084 CRITICAL

cruddl <2.7.0-3.0.2 - Code Injection

CVE-2021-1481 MEDIUM

Cisco SD-WAN vManage Software - SQL Injection

CVE-2021-34712 MEDIUM

Cisco SD-WAN vManage Software - SQL Injection

Previous Page 2 of 3 Next

Details

Vulnerabilities 56

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy