CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,188)
CVE-2025-7514 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the idSta...
Jul 13, 2025

CVE-2025-7512 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the conta...
Jul 13, 2025

This critical SQL injection vulnerability in Modern Bag 1.0 allows remote attackers to execute arbitrary SQL commands via the 'namepro' parameter in /...
Jul 13, 2025

CVE-2025-7508 is a critical SQL injection vulnerability in Modern Bag 1.0's admin/product-update.php file that allows remote attackers to manipulate d...
Jul 13, 2025

This critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System 1.13 allows attackers to execute arbitrary SQL commands via ...
Jul 12, 2025

This critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System allows attackers to manipulate database queries through the ...
Jul 12, 2025

CVE-2025-7478 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the idCat...
Jul 12, 2025

A critical SQL injection vulnerability in Simple Car Rental System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'mpesa' param...
Jul 12, 2025

CVE-2025-7471 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the user-...
Jul 12, 2025

This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
Jul 12, 2025

This critical SQL injection vulnerability in ABC Courier Management 1.0 allows remote attackers to execute arbitrary SQL commands via the Name paramet...
Jul 12, 2025

This critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System 1.0 allows attackers to manipulate database querie...
Jul 11, 2025

This critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System 1.0 allows remote attackers to execute arbitrary S...
Jul 11, 2025

A critical SQL injection vulnerability in Campcodes Online Movie Theater Seat Reservation System 1.0 allows remote attackers to execute arbitrary SQL ...
Jul 11, 2025

This critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows remote attackers to execute arbitrary SQL comma...
Jul 11, 2025

CVE-2025-7411 is a critical SQL injection vulnerability in LifeStyle Store 1.0 that allows remote attackers to execute arbitrary SQL commands via the ...
Jul 10, 2025

CVE-2025-7410 is a critical SQL injection vulnerability in LifeStyle Store 1.0 that allows remote attackers to execute arbitrary SQL commands via the ...
Jul 10, 2025

Campcodes Payroll Management System 1.0 contains a critical SQL injection vulnerability in the /ajax.php?action=save_deductions endpoint. Attackers ca...
Jul 9, 2025

CVE-2025-7218 is a critical SQL injection vulnerability in Campcodes Payroll Management System 1.0 that allows remote attackers to execute arbitrary S...
Jul 9, 2025

CVE-2025-7211 is a critical SQL injection vulnerability in LifeStyle Store 1.0 that allows remote attackers to execute arbitrary SQL commands via the ...
Jul 9, 2025

This critical SQL injection vulnerability in Jonnys Liquor 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in /admi...
Jul 8, 2025

This critical SQL injection vulnerability in Agri-Trading Online Shopping System allows remote attackers to execute arbitrary SQL commands through the...
Jul 8, 2025

This critical SQL injection vulnerability in the Student Enrollment System 1.0 allows attackers to manipulate database queries through the Username pa...
Jul 8, 2025

CVE-2025-7185 is a critical SQL injection vulnerability in code-projects Library System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 8, 2025

This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows attackers to execute arbitrary SQL commands through the C...
Jul 8, 2025

This critical SQL injection vulnerability in Staff Audit System 1.0 allows attackers to execute arbitrary SQL commands through the User parameter in /...
Jul 8, 2025

A critical SQL injection vulnerability in code-projects Library System 1.0 allows attackers to manipulate database queries through the Username parame...
Jul 8, 2025

This critical SQL injection vulnerability in PHPGurukul Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands via t...
Jul 8, 2025

CVE-2025-7173 is a critical SQL injection vulnerability in code-projects Library System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 8, 2025

A critical SQL injection vulnerability exists in the Crime Reporting System 1.0's registration.php file, allowing remote attackers to manipulate datab...
Jul 8, 2025

This critical SQL injection vulnerability in the Crime Reporting System 1.0 allows attackers to execute arbitrary SQL commands via the email parameter...
Jul 8, 2025

This critical SQL injection vulnerability in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 allows attackers to manipulate database queries thr...
Jul 8, 2025

This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers to manipulate database queries through the Username...
Jul 8, 2025

CVE-2025-7157 is a critical SQL injection vulnerability in code-projects Online Note Sharing 1.0 that allows attackers to execute arbitrary SQL comman...
Jul 8, 2025

This critical vulnerability in PHPGurukul Online Notes Sharing System 1.0 allows remote attackers to perform SQL injection via the sessionid parameter...
Jul 8, 2025

This critical SQL injection vulnerability in CodeAstro Patient Record Management System 1.0 allows attackers to execute arbitrary SQL commands through...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows remote attackers to execute arbitrary SQL comma...
Jul 7, 2025

A critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
Jul 7, 2025

Campcodes Payroll Management System 1.0 contains a critical SQL injection vulnerability in the /ajax.php?action=save_payroll endpoint via manipulation...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Payroll Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Payroll Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Complaint Management System 1.0 allows attackers to manipulate database queries via the email p...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Complaint Management System 1.0 allows attackers to execute arbitrary SQL commands via the User...
Jul 7, 2025

This critical SQL injection vulnerability in Campcodes Employee Management System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
Jul 1, 2025

A critical SQL injection vulnerability exists in Campcodes Employee Management System 1.0, specifically in the /mark.php file's ID parameter. This all...
Jul 1, 2025

A critical SQL injection vulnerability in Campcodes Employee Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the I...
Jul 1, 2025

CVE-2025-6958 is a critical SQL injection vulnerability in Campcodes Employee Management System 1.0 that allows remote attackers to execute arbitrary ...
Jul 1, 2025

A critical SQL injection vulnerability in Campcodes Employee Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the '...
Jul 1, 2025

CVE-2025-6938 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 1, 2025

CVE-2025-6936 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 1, 2025

About Injection (CWE-74)
Our database tracks 2,188 CVEs classified as CWE-74, with 109 rated critical and 1,287 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →