CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,082 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 21 of 102
- CVE-2023-3444MEDIUMCVSS 5.7EG 5.72023-07-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitra…
- CVE-2023-35075LOWCVSS 3.1EG 3.12023-11-27
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible tho…
- CVE-2023-35810HIGHCVSS 7.2EG 7.22023-06-17
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected a…
- CVE-2023-35895MEDIUMCVSS 6.3EG 6.32023-12-20
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.
- CVE-2023-36188CRITICALCVSS 9.8EG 9.82023-07-06
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
- CVE-2023-36210CRITICALCVSS 9.8EG 9.82023-08-01
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
- CVE-2023-36250HIGHCVSS 7.8EG 7.82023-09-14
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
- CVE-2023-36260HIGHCVSS 7.5EG 7.52024-01-30
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type w…
- CVE-2023-36469CRITICALCVSS 9.9EG 9.92023-06-29
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python…
- CVE-2023-36470CRITICALCVSS 9.9EG 9.92023-06-29
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that …
- CVE-2023-36471CRITICALCVSS 9.0EG 9.02023-06-29
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without scrip…
- CVE-2023-3665MEDIUMCVSS 5.5EG 5.52023-10-04
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
- CVE-2023-36812CRITICALCVSS 9.8EG 9.82023-06-30
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generat…
- CVE-2023-36830MEDIUMCVSS 6.3EG 6.32023-07-06
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbit…
- CVE-2023-3694MEDIUMCVSS 6.3EG 6.32023-07-17
A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument ke…
- CVE-2023-37360MEDIUMCVSS 5.9EG 5.92023-06-30
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
- CVE-2023-37462CRITICALCVSS 9.9EG 9.92023-07-14
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to program…
- CVE-2023-37473HIGHCVSS 8.5EG 8.52023-07-14
zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being execu…
- CVE-2023-37897HIGHCVSS 7.2EG 7.22023-07-18
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1…
- CVE-2023-38060MEDIUMCVSS 6.3EG 6.32023-07-24
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injectio…
- CVE-2023-38609HIGHCVSS 7.5EG 7.52023-07-28
An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.
- CVE-2023-38896CRITICALCVSS 9.8EG 9.82023-08-15
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
- CVE-2023-39013CRITICALCVSS 9.8EG 9.82023-07-28
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.
- CVE-2023-39213CRITICALCVSS 9.6EG 9.62023-08-08
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
- CVE-2023-3922LOWCVSS 3.0EG 3.02023-09-29
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons …
- CVE-2023-39424CRITICALCVSS 9.9EG 9.92023-09-07
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. Th…
- CVE-2023-39655CRITICALCVSS 9.6EG 8.12024-01-03
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, …
- CVE-2023-39659CRITICALCVSS 9.8EG 9.82023-08-15
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
- CVE-2023-39661CRITICALCVSS 9.8EG 9.82023-08-15
An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.
- CVE-2023-39662CRITICALCVSS 9.8EG 9.82023-08-15
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.
- CVE-2023-3997HIGHCVSS 8.6EG 8.62023-07-31
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to c…
- CVE-2023-40035HIGHCVSS 7.2EG 7.22023-08-23
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data …
- CVE-2023-41039HIGHCVSS 7.7EG 8.32023-08-30
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and s…
- CVE-2023-4157MEDIUMCVSS 4.8EG 5.22023-08-04
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
- CVE-2023-41580HIGHCVSS 7.5EG 7.52023-10-02
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitiv…
- CVE-2023-41834MEDIUMCVSS 6.1EG 6.12023-09-19
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP reque…
- CVE-2023-4197HIGHCVSS 8.8EG 7.52023-11-01
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
- CVE-2023-4212MEDIUMCVSS 6.8EG 6.82023-08-22
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to …
- CVE-2023-42135MEDIUMCVSS 6.8EG 6.82024-01-15
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have …
- CVE-2023-42136HIGHCVSS 7.8EG 7.82024-01-15
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must …
- CVE-2023-43364CRITICALCVSS 9.8EG 9.82023-12-12
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
- CVE-2023-43655HIGHCVSS 8.8EG 6.42023-09-29
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `reg…
- CVE-2023-43656CRITICALCVSS 9.0EG 5.62023-09-27
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may b…
- CVE-2023-43661HIGHCVSS 8.8EG 8.82023-10-11
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb04…
- CVE-2023-43667HIGHCVSS 7.5EG 7.52023-10-16
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false log r…
- CVE-2023-43835HIGHCVSS 8.8EG 8.82023-10-02
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
- CVE-2023-4393MEDIUMCVSS 6.1EG 5.42023-10-30
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.
- CVE-2023-44109HIGHCVSS 7.5EG 7.52023-10-11
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2023-44270MEDIUMCVSS 5.3EG 5.32023-09-29
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. Af…
- CVE-2023-44373CRITICALCVSS 9.1EG 9.12023-11-14
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →