CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,237)
This SQL injection vulnerability in shawon100 RUET OJ allows attackers to manipulate database queries via the Name parameter in /contestproblem.php. A...
Oct 27, 2025

This SQL injection vulnerability in RUET OJ's /description.php file allows remote attackers to manipulate database queries via the ID parameter. It af...
Oct 27, 2025

This CVE describes a command injection vulnerability in D-Link DI-7001 MINI routers through the /msp_info.htm endpoint. Attackers can execute arbitrar...
Oct 27, 2025

This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries through the judge_id...
Oct 27, 2025

This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries via the contestant_i...
Oct 27, 2025

CVE-2025-12255 is an SQL injection vulnerability in code-projects Online Event Judging System 1.0 affecting the /add_contestant.php file. Attackers ca...
Oct 27, 2025

This SQL injection vulnerability in Online Event Judging System 1.0 allows attackers to execute arbitrary SQL commands through the content parameter i...
Oct 27, 2025

This CSV injection vulnerability in Axosoft Scrum and Bug Tracking allows attackers to inject malicious formulas into ticket titles, which could execu...
Oct 27, 2025

This SQL injection vulnerability in Client Details System 1.0 allows attackers to manipulate database queries via the ID parameter in welcome.php. Rem...
Oct 27, 2025

CVE-2025-12238 is an SQL injection vulnerability in code-projects Automated Voting System 1.0 that allows attackers to manipulate database queries via...
Oct 27, 2025

This SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system allows attackers to manipulate database queries through the s...
Oct 17, 2025

This CVE describes a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can remotely exploi...
Oct 17, 2025

This CVE describes a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can remotely exploi...
Oct 17, 2025

This CVE describes a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can manipulate the ...
Oct 17, 2025

This vulnerability allows remote attackers to execute arbitrary code through code injection in the getArticle function of ChanCMS. It affects all Chan...
Oct 17, 2025

This SQL injection vulnerability in ChanCMS allows attackers to manipulate database queries through the hasUse function. It affects ChanCMS versions u...
Oct 17, 2025

This SQL injection vulnerability in ChanCMS allows remote attackers to execute arbitrary SQL commands by manipulating the 'cid' parameter in the artic...
Oct 17, 2025

This SQL injection vulnerability in ChanCMS allows remote attackers to execute arbitrary SQL commands by manipulating the 'cid' parameter in the findF...
Oct 17, 2025

This SQL injection vulnerability in Automated Voting System 1.0 allows attackers to manipulate database queries through the 'firstname' parameter in t...
Oct 13, 2025

This SQL injection vulnerability in RainyGao DocSys allows attackers to execute arbitrary SQL commands through the getUserList function. It affects al...
Oct 12, 2025

This SQL injection vulnerability in Simple Food Ordering System 1.0 allows attackers to execute arbitrary SQL commands via the 'cname' parameter in /a...
Oct 11, 2025

This SQL injection vulnerability in Simple Food Ordering System 1.0 allows attackers to manipulate database queries through the Category parameter in ...
Oct 11, 2025

This vulnerability allows remote attackers to execute SQL injection attacks against SourceCodester Simple Inventory System 1.0 by manipulating the uem...
Oct 11, 2025

This SQL injection vulnerability in SourceCodester Simple Inventory System 1.0 allows attackers to execute arbitrary SQL commands through the editBran...
Oct 11, 2025

This CVE describes a SQL injection vulnerability in iPynch Social Network Website's search component that allows remote attackers to execute arbitrary...
Oct 11, 2025

This SQL injection vulnerability in code-projects E-Commerce Website 1.0 allows attackers to manipulate database queries through the prod_id parameter...
Oct 11, 2025

This SQL injection vulnerability in CodeAstro Gym Management System 1.0 allows attackers to manipulate database queries through the /admin/edit-equipm...
Oct 11, 2025

This SQL injection vulnerability in CodeAstro Gym Management System 1.0 allows attackers to manipulate database queries through the /admin/actions/del...
Oct 11, 2025

This SQL injection vulnerability in CodeAstro Gym Management System 1.0 allows attackers to manipulate database queries through the /admin/actions/del...
Oct 11, 2025

This vulnerability allows remote attackers to execute SQL injection attacks against CodeAstro Gym Management System 1.0 through the /admin/equipment-e...
Oct 11, 2025

This SQL injection vulnerability in CodeAstro Gym Management System 1.0 allows attackers to manipulate database queries through the 'plan' parameter i...
Oct 10, 2025

This SQL injection vulnerability in code-projects Online Complaint Site 1.0 allows attackers to manipulate database queries through the Category param...
Oct 9, 2025

This SQL injection vulnerability in Student Result Manager 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating roll, name, o...
Oct 9, 2025

CVE-2025-11530 is a SQL injection vulnerability in code-projects Online Complaint Site 1.0 that allows attackers to manipulate database queries throug...
Oct 9, 2025

This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary commands through command injection in the lanIp parameter of the ...
Oct 9, 2025

This SQL injection vulnerability in code-projects Online Complaint Site 1.0 allows remote attackers to manipulate database queries through the cid par...
Oct 9, 2025

This CVE describes a SQL injection vulnerability in code-projects Online Complaint Site 1.0. Attackers can manipulate the 'cid' parameter in the /cms/...
Oct 9, 2025

This SQL injection vulnerability in code-projects E-Commerce Website 1.0 allows attackers to manipulate database queries through the supp_email parame...
Oct 8, 2025

This SQL injection vulnerability in code-projects E-Commerce Website 1.0 allows attackers to manipulate database queries through the prod_name paramet...
Oct 8, 2025

This CVE describes an SQL injection vulnerability in SourceCodester Farm Management System 1.0, specifically in the /uploadProduct.php file's Type par...
Oct 8, 2025

This SQL injection vulnerability in SourceCodester Farm Management System 1.0 allows attackers to manipulate database queries through the Name paramet...
Oct 8, 2025

This CVE describes an SQL injection vulnerability in the Blood-Bank-And-Donation-Management-System's donate_blood.php file, specifically in the 'fulln...
Oct 8, 2025

This SQL injection vulnerability in SourceCodester Farm Management System 1.0 allows attackers to manipulate database queries through the /myCart.php ...
Oct 8, 2025

This SQL injection vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows attackers to manipulate database queries through the C...
Oct 8, 2025

This SQL injection vulnerability in code-projects Web-Based Inventory and POS System 1.0 allows attackers to manipulate database queries through the s...
Oct 8, 2025

This SQL injection vulnerability in Campcodes Advanced Online Voting Management System 1.0 allows attackers to manipulate database queries through the...
Oct 7, 2025

This SQL injection vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows attackers to manipulate database queries through the /...
Oct 7, 2025

This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in the /del_curr.php file of SourceCodester Hotel an...
Oct 7, 2025

This SQL injection vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows remote attackers to manipulate database queries via th...
Oct 7, 2025

This vulnerability allows remote attackers to execute arbitrary SQL commands via the 'currcode' parameter in the /pages/save_curr.php file of SourceCo...
Oct 7, 2025

About Injection (CWE-74)
Our database tracks 2,237 CVEs classified as CWE-74, with 129 rated critical and 1,305 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.