CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 52 of 102
- CVE-2025-2738HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to…
- CVE-2025-2739HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manipulation of the argument sertitle leads t…
- CVE-2025-2740HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. …
- CVE-2025-27511HIGHCVSS 7.2EG 7.22026-06-11
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url lea…
- CVE-2025-27787HIGHCVSS 7.5EG 7.52025-03-19
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.py. `model_name` in train.py takes user input, and passes it to the `stop_train` function in restart.py, which uses it …
- CVE-2025-27794MEDIUMCVSS 6.8EG 6.82025-03-12
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the pa…
- CVE-2025-2831MEDIUMCVSS 6.3EG 6.32025-03-27
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /adm…
- CVE-2025-2846HIGHCVSS 7.3EG 7.32025-03-27
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipula…
- CVE-2025-2847MEDIUMCVSS 6.3EG 6.32025-03-27
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to s…
- CVE-2025-2852MEDIUMCVSS 4.7EG 4.72025-03-27
A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of t…
- CVE-2025-2854MEDIUMCVSS 6.3EG 6.32025-03-27
A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to…
- CVE-2025-2916MEDIUMCVSS 6.3EG 6.32025-03-28
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File lead…
- CVE-2025-2927HIGHCVSS 7.3EG 7.32025-03-28
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It i…
- CVE-2025-2951MEDIUMCVSS 6.3EG 6.32025-03-30
A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attac…
- CVE-2025-2984MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injecti…
- CVE-2025-2985MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. I…
- CVE-2025-29993MEDIUMCVSS 5.3EG 5.32025-03-27
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.
- CVE-2025-3003MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Affected is an unknown function of the file /CDGServer3/UserAjax. The manipulation of the argument Username leads to sql injection. It is possible to launch th…
- CVE-2025-3006HIGHCVSS 7.3EG 7.32025-03-31
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of the argument Category leads to sql in…
- CVE-2025-3008MEDIUMCVSS 5.5EG 5.52025-03-31
A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection.…
- CVE-2025-3009MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability classified as critical was found in Jinher Network OA C6. Affected by this vulnerability is an unknown functionality of the file /C6/JHSoft.Web.NetDisk/NetDiskProperty.aspx. The manipulation of the argument ID leads to sql …
- CVE-2025-3018MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to sql injection. It…
- CVE-2025-3026MEDIUMCVSS 6.1EG 6.12025-03-31
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a…
- CVE-2025-3038MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql inject…
- CVE-2025-3039MEDIUMCVSS 6.3EG 6.32025-03-31
A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injectio…
- CVE-2025-3045MEDIUMCVSS 6.3EG 6.32025-04-01
A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads …
- CVE-2025-30664MEDIUMCVSS 6.6EG 6.62025-05-14
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2025-3118MEDIUMCVSS 6.3EG 6.32025-04-02
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection. I…
- CVE-2025-3119MEDIUMCVSS 6.3EG 6.32025-04-02
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql i…
- CVE-2025-3120MEDIUMCVSS 6.3EG 6.32025-04-02
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno le…
- CVE-2025-3134MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument rate leads to sql injection. It is possible …
- CVE-2025-3135MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability classified as critical was found in fcba_zzm ics-park Smart Park Management System 2.1. This vulnerability affects unknown code of the file /api/system/dept/update. The manipulation leads to sql injection. The attack can be…
- CVE-2025-3137HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql i…
- CVE-2025-3138HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the …
- CVE-2025-3140MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. I…
- CVE-2025-3141MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql i…
- CVE-2025-3142MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument buildingno lead…
- CVE-2025-3143MEDIUMCVSS 6.3EG 6.32025-04-03
A vulnerability classified as critical has been found in SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-entry.php. The manipulation of the argument visname/address leads to sql …
- CVE-2025-3146HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It i…
- CVE-2025-3147HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection.…
- CVE-2025-3151HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument user_name leads to sql inj…
- CVE-2025-3163MEDIUMCVSS 5.3EG 5.32025-04-03
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possibl…
- CVE-2025-3164MEDIUMCVSS 4.7EG 4.72025-04-03
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Databas…
- CVE-2025-3168HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editi…
- CVE-2025-3170HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql inject…
- CVE-2025-3171HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injec…
- CVE-2025-3172HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The manipulation of the argument unblock_i…
- CVE-2025-3173HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads…
- CVE-2025-3174HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument exp…
- CVE-2025-3175HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /save_user_edit_profile.php. The manipulation of the argument firs…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →