CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 68 of 102
- CVE-2025-6535HIGHCVSS 8.8EG 6.32025-06-24
A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component U…
- CVE-2025-6567CRITICALCVSS 9.8EG 7.32025-06-24
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument…
- CVE-2025-6570HIGHCVSS 8.8EG 6.32025-06-24
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdat…
- CVE-2025-6578CRITICALCVSS 9.8EG 7.32025-06-24
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_account.php. The manipulation of the argument admin_…
- CVE-2025-6579CRITICALCVSS 9.8EG 7.32025-06-24
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /message_admin.php. The manipulation of the argument Message leads to sql injection. Th…
- CVE-2025-6580CRITICALCVSS 9.8EG 7.32025-06-24
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possi…
- CVE-2025-6581HIGHCVSS 8.8EG 6.32025-06-24
A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobi…
- CVE-2025-6582HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /edit-customer-detailed.php. The manipulation of the arg…
- CVE-2025-6583HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of the argument viewid leads to sql injection…
- CVE-2025-66025MEDIUMCVSS 4.3EG 4.32025-11-26
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. Whe…
- CVE-2025-6604HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is po…
- CVE-2025-6605HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. This vulnerability affects unknown code of the file /panel/edit-staff.php. The manipulation of the argument editid leads to sql injection.…
- CVE-2025-6606HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. This issue affects some unknown processing of the file /panel/add-services.php. The manipulation of the argument Type lea…
- CVE-2025-6607HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It i…
- CVE-2025-6608HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php. The manipulation of the argument…
- CVE-2025-6609HIGHCVSS 8.8EG 6.32025-06-25
A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument …
- CVE-2025-6610HIGHCVSS 7.2EG 4.72025-06-25
A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql…
- CVE-2025-6611CRITICALCVSS 9.8EG 7.32025-06-25
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. The manipulation of the argument brandStatus lea…
- CVE-2025-6612CRITICALCVSS 9.8EG 7.32025-06-25
A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/removeCategories.php. The manipulation of the argument categories…
- CVE-2025-6665CRITICALCVSS 9.8EG 7.32025-06-25
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /php_action/editBrand.php. The manipulation of the argument …
- CVE-2025-6668CRITICALCVSS 9.8EG 7.32025-06-25
A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/fetchSelectedBrand.php. The manipulation of the argument brandId leads to …
- CVE-2025-6738MEDIUMCVSS 6.3EG 6.32025-06-27
A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserService…
- CVE-2025-67486HIGHCVSS 7.2EG 7.22026-05-08
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality.…
- CVE-2025-6749MEDIUMCVSS 6.3EG 6.32025-06-27
A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The mani…
- CVE-2025-6753MEDIUMCVSS 6.3EG 6.32025-06-27
A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads to sql injection. The attack may be init…
- CVE-2025-6766HIGHCVSS 8.8EG 6.32025-06-27
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation o…
- CVE-2025-6767MEDIUMCVSS 6.3EG 6.32025-06-27
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of t…
- CVE-2025-6768MEDIUMCVSS 6.3EG 6.32025-06-27
A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argum…
- CVE-2025-67733HIGHCVSS 7.1EG 7.12026-02-23
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corruptin…
- CVE-2025-67746MEDIUMCVSS 4.3EG 4.32025-12-30
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of…
- CVE-2025-6775CRITICALCVSS 9.8EG 6.32025-06-27
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the ar…
- CVE-2025-6777CRITICALCVSS 9.8EG 7.32025-06-27
A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/passwo…
- CVE-2025-6785MEDIUMCVSS 4.7EG 4.72025-09-04
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 v…
- CVE-2025-6819CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /php_action/removeBrand.php. The manipulation of the argumen…
- CVE-2025-6820CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /php_action/createProduct.php. The manipulation of the argument product…
- CVE-2025-6821CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/createOrder.php. The manipulation leads to sql injection. It is possible t…
- CVE-2025-6822CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/removeProduct.php. The manipulation of the argument productId lea…
- CVE-2025-6823CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/editProduct.php. The manipulation of the argument editProductName…
- CVE-2025-6826CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. …
- CVE-2025-6827CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/editOrder.php. The manipulation leads to sql injection. It is possible to i…
- CVE-2025-6828CRITICALCVSS 9.8EG 7.32025-06-28
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /orders.php. The manipulation of the argument i leads to sql injection. The att…
- CVE-2025-6829HIGHCVSS 8.8EG 6.32025-06-28
A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads …
- CVE-2025-6834CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/editPayment.php. The manipulation of the argument orderId leads t…
- CVE-2025-6835CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The …
- CVE-2025-6836CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch th…
- CVE-2025-6840CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql …
- CVE-2025-6841HIGHCVSS 7.2EG 4.72025-06-29
A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-6842HIGHCVSS 7.2EG 4.72025-06-29
A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. Th…
- CVE-2025-6844CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signin.php. The manipulation of the argument User leads to sql injection…
- CVE-2025-6845CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability was found in code-projects Simple Forum 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /register1.php. The manipulation of the argument User leads to sql injection. The …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →