CWE-74: Injection

CVE-2026-0582 is an SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows attackers to manipulate database queries thr...

This CVE describes a command injection vulnerability in Tenda AC1206 routers that allows remote attackers to execute arbitrary commands on affected de...

This CVE describes a SQL injection vulnerability in the sfturing hosp_order software's findOrderHosNum function. Attackers can exploit this by manipul...

This SQL injection vulnerability in Daptin's Aggregate API allows remote attackers to execute arbitrary SQL commands by manipulating column/group/orde...

This vulnerability allows remote attackers to execute arbitrary code on Kohana KodiCMS systems through code injection in the Layout API Endpoint's Sav...

This CVE describes a remote command injection vulnerability in D-Link DIR-806A routers via the SSDP request handler. Attackers can execute arbitrary c...

This CVE describes a SQL injection vulnerability in Kohana KodiCMS's Search API Endpoint. Attackers can remotely exploit this by manipulating the 'key...

This CVE describes a command injection vulnerability in D-Link DI-7400G+ routers that allows remote attackers to execute arbitrary commands on affecte...

This SQL injection vulnerability in Refugee Food Management System 1.0 allows attackers to manipulate database queries through the 'a' parameter in /h...

This CVE describes a SQL injection vulnerability in the Refugee Food Management System 1.0. Attackers can manipulate parameters in the /home/refugee.p...

This SQL injection vulnerability in Refugee Food Management System 1.0 allows attackers to manipulate database queries through the /home/editrefugee.p...

CVE-2025-15209 is a SQL injection vulnerability in the Refugee Food Management System 1.0 that allows remote attackers to execute arbitrary SQL comman...

CVE-2025-15205 is an SQL injection vulnerability in code-projects Student File Management System 1.0 affecting the /download.php file via the istore_i...

This CVE describes a command injection vulnerability in D-Link DWR-M920 routers that allows remote attackers to execute arbitrary commands by manipula...

This CVE describes a command injection vulnerability in D-Link DWR-M920 routers that allows remote attackers to execute arbitrary commands by manipula...

This CVE describes a command injection vulnerability in TRENDnet TEW-822DRE routers that allows remote attackers to execute arbitrary commands on affe...

This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Z4Pro+ devices through command injection in the HTTP POST request h...

This CVE describes a command injection vulnerability in ZSPACE Z4Pro+ devices that allows remote attackers to execute arbitrary commands on affected s...

This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Z4Pro+ devices through command injection in the HTTP POST request h...

This vulnerability allows remote attackers to execute arbitrary code through a file upload manipulation in ChenJinchuang Lin-CMS-TP5. Attackers can ex...

This SQL injection vulnerability in ketr JEPaaS allows attackers to execute arbitrary SQL commands by manipulating the 'keyWord' parameter in the post...

This vulnerability allows remote attackers to execute arbitrary commands on JD Cloud BE6500 routers by exploiting a command injection flaw in the ddns...

This CVE describes a SQL injection vulnerability in the loganhong php loganSite software's article handler component. Attackers can remotely exploit t...

This SQL injection vulnerability in DedeCMS allows attackers to manipulate database queries through the orderby parameter in /freelist_main.php. Attac...

This vulnerability allows remote attackers to execute arbitrary code on RuoYi systems up to version 4.8.1 through code injection in the /monitor/cache...

CVE-2025-14834 is an SQL injection vulnerability in Simple Stock System 1.0 that allows attackers to manipulate database queries via the Username para...

This SQL injection vulnerability in Xiongwei Smart Catering Cloud Platform allows remote attackers to execute arbitrary SQL commands through the filte...

This vulnerability allows remote attackers to execute arbitrary code through injection in the QLExpressEngine.doEval function in aizuda snail-job. Aff...

This CVE describes a SQL injection vulnerability in code-projects Prison Management System 2.0 affecting the /admin/search.php file. Attackers can man...

This CVE describes a SQL injection vulnerability in haxxorsid Stock-Management-System that allows remote attackers to execute arbitrary SQL commands v...

This vulnerability allows remote attackers to execute SQL injection attacks against Jihai Jshop MiniProgram Mall System 2.9.0 by manipulating the cat_...

CVE-2025-14247 is an SQL injection vulnerability in Simple Shopping Cart 1.0's /Admin/additems.php file, allowing remote attackers to manipulate datab...

This SQL injection vulnerability in Simple Shopping Cart 1.0 allows attackers to manipulate database queries through the user_id parameter in /Custome...

This SQL injection vulnerability in Daily Time Recording System 4.5.0 allows attackers to manipulate database queries through the detail_Id parameter ...

This CVE describes a SQL injection vulnerability in Philipinho Simple-PHP-Blog's edit.php file that allows attackers to execute arbitrary SQL commands...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DCS-930L IP cameras via command injection in the /setSystemAdmin en...

CVE-2025-14222 is a SQL injection vulnerability in code-projects Employee Profile Management System 1.0 that allows attackers to manipulate database q...

This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in /section_edit1.php in itsourcecode Student Inform...

This CVE describes a command injection vulnerability in D-Link DIR-823X routers where attackers can execute arbitrary commands by manipulating the ppp...

This SQL injection vulnerability in code-projects Question Paper Generator allows attackers to manipulate database queries through the 'subid' paramet...

This SQL injection vulnerability in Employee Profile Management System 1.0 allows attackers to manipulate database queries via the per_id parameter in...

This CVE describes a SQL injection vulnerability in Yonyou U8 Cloud enterprise software. Attackers can remotely exploit this by manipulating the 'user...

This vulnerability allows remote attackers to execute arbitrary commands on SGAI Space1 NAS N1211DS devices through command injection in the gsaiagent...

This CVE describes a SQL injection vulnerability in jsnjfz WebStack-Guns 1.0 that allows remote attackers to execute arbitrary SQL commands by manipul...

This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 routers by injecting malicious input into the 'mac' par...

This CVE describes a command injection vulnerability in the ADSLR B-QE2W401 device's web interface. Attackers can remotely execute arbitrary commands ...

This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 routers by injecting malicious commands into the 'mac' ...

This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 routers by injecting malicious input into the 'mac' par...

This CVE describes a SQL injection vulnerability in taosir WTCMS's comment administration component. Attackers can remotely exploit this flaw by manip...

CVE-2025-13581 is an SQL injection vulnerability in itsourcecode Student Information System 1.0 that allows remote attackers to execute arbitrary SQL ...