CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 74 of 102
- CVE-2025-7888CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of th…
- CVE-2025-7894CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the compo…
- CVE-2025-7904HIGHCVSS 8.8EG 6.32025-07-20
A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. …
- CVE-2025-7905HIGHCVSS 8.8EG 6.32025-07-20
A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql inje…
- CVE-2025-7915CRITICALCVSS 9.8EG 7.32025-07-21
A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. The atta…
- CVE-2025-7927HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to s…
- CVE-2025-7928CRITICALCVSS 9.8EG 7.32025-07-21
A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql inject…
- CVE-2025-7929CRITICALCVSS 9.8EG 7.32025-07-21
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection…
- CVE-2025-7930CRITICALCVSS 9.8EG 7.32025-07-21
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobi…
- CVE-2025-7932HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remo…
- CVE-2025-7933CRITICALCVSS 9.8EG 7.32025-07-21
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument…
- CVE-2025-7934HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file platform-schedule/src/main/java/com/platfo…
- CVE-2025-7935HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/contr…
- CVE-2025-7936HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is the function queryPage of the file com/platform/controller/ScheduleJob…
- CVE-2025-7950CRITICALCVSS 9.8EG 7.32025-07-22
A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. …
- CVE-2025-7952HIGHCVSS 8.8EG 6.32025-07-22
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. …
- CVE-2025-8018HIGHCVSS 8.8EG 6.32025-07-22
A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argume…
- CVE-2025-8123HIGHCVSS 8.8EG 6.32025-07-24
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible…
- CVE-2025-8124HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument par…
- CVE-2025-8125CRITICALCVSS 9.8EG 6.32025-07-25
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataSco…
- CVE-2025-8126HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible …
- CVE-2025-8127HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack …
- CVE-2025-8134HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to s…
- CVE-2025-8135HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to …
- CVE-2025-8154MEDIUMCVSS 5.3EG 5.32026-05-11
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a m…
- CVE-2025-8156HIGHCVSS 7.2EG 6.32025-07-25
A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of …
- CVE-2025-8157HIGHCVSS 7.2EG 6.32025-07-25
A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID…
- CVE-2025-8158HIGHCVSS 7.2EG 6.32025-07-25
A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads t…
- CVE-2025-8161HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql i…
- CVE-2025-8162HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads…
- CVE-2025-8163HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is poss…
- CVE-2025-8164HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument ID leads to sql injection. The attack c…
- CVE-2025-8165HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation of the argument occasion leads to sql inj…
- CVE-2025-8166CRITICALCVSS 9.8EG 7.32025-07-25
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the arg…
- CVE-2025-8172HIGHCVSS 8.8EG 6.32025-07-25
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It…
- CVE-2025-8173CRITICALCVSS 9.8EG 7.32025-07-25
A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver…
- CVE-2025-8179CRITICALCVSS 9.8EG 7.32025-07-26
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argum…
- CVE-2025-8185CRITICALCVSS 9.8EG 7.32025-07-26
A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is p…
- CVE-2025-8186HIGHCVSS 8.8EG 6.32025-07-26
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_branch.php. The manipulation of the argument ID leads to s…
- CVE-2025-8187HIGHCVSS 8.8EG 6.32025-07-26
A vulnerability was found in Campcodes Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit_parcel.php. The manipulation of the argument ID leads to sql inject…
- CVE-2025-8188HIGHCVSS 8.8EG 6.32025-07-26
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /edit_staff.php. The manipulation of the argument ID leads to sql injection. It is possible to initi…
- CVE-2025-8189HIGHCVSS 8.8EG 6.32025-07-26
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument ID leads to sql injection. The attack can be …
- CVE-2025-8190HIGHCVSS 8.8EG 6.32025-07-26
A vulnerability, which was classified as critical, has been found in Campcodes Courier Management System 1.0. This issue affects some unknown processing of the file /print_pdets.php. The manipulation of the argument ids leads to sql inject…
- CVE-2025-8203CRITICALCVSS 9.8EG 6.32025-07-26
A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to sql injection. It is possible …
- CVE-2025-8219CRITICALCVSS 9.8EG 6.32025-07-27
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the co…
- CVE-2025-8220CRITICALCVSS 9.4EG 7.32025-07-27
A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of…
- CVE-2025-8229HIGHCVSS 8.8EG 6.32025-07-27
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads to sql injection. It is possible to initi…
- CVE-2025-8230HIGHCVSS 8.8EG 6.32025-07-27
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. The attack can b…
- CVE-2025-8232CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is…
- CVE-2025-8233CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →