CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,238)
This SQL injection vulnerability in SourceCodester Pet Grooming Management Software 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Sep 15, 2025
This SQL injection vulnerability in SourceCodester Student Grading System 1.0 allows attackers to manipulate database queries through the /update_acco...
Sep 15, 2025
This SQL injection vulnerability in SourceCodester Student Grading System 1.0 allows attackers to manipulate database queries via the ID parameter in ...
Sep 15, 2025
This vulnerability allows remote attackers to execute SQL injection attacks against SourceCodester Student Grading System 1.0 via the ID parameter in ...
Sep 15, 2025
This SQL injection vulnerability in SourceCodester Student Grading System 1.0 allows attackers to manipulate database queries through the 'sy' paramet...
Sep 15, 2025
This SQL injection vulnerability in SourceCodester Student Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'fname...
Sep 14, 2025
This SQL injection vulnerability in SourceCodester Student Grading System 1.0 allows attackers to manipulate database queries through the /edit_user.p...
Sep 14, 2025
This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-823x routers by injecting malicious input into the target_addr ...
Sep 14, 2025
This SQL injection vulnerability in SourceCodester Food Ordering Management System 1.0 allows attackers to manipulate database queries via the ticket_...
Sep 14, 2025
This SQL injection vulnerability in Korzh EasyQuery allows attackers to execute arbitrary SQL commands through the Query Builder UI component. It affe...
Sep 14, 2025
This SQL injection vulnerability in Jasmin Ransomware's handshake.php file allows remote attackers to execute arbitrary SQL commands by manipulating p...
Sep 14, 2025
This SQL injection vulnerability in ruoyi-go 2.1 allows attackers to manipulate database queries through the sortName parameter in the background mana...
Sep 10, 2025
This CVE describes a SQL injection vulnerability in ChanCMS up to version 3.3.0, specifically in the Search function's key parameter. Attackers can re...
Sep 10, 2025
This CVE describes a SQL injection vulnerability in HJSoft HCM Human Resources Management System. Attackers can manipulate the ID parameter in the /te...
Sep 10, 2025
This SQL injection vulnerability in uverif allows remote attackers to execute arbitrary SQL commands through manipulation of the 'note' parameter in t...
Sep 9, 2025
This SQL injection vulnerability in ChanCMS allows attackers to execute arbitrary SQL commands through the /cms/article/search endpoint by manipulatin...
Sep 8, 2025
This CVE describes an SQL injection vulnerability in PHPGurukul User Management System 1.0 affecting the /admin/edit-user-profile.php file. Attackers ...
Sep 8, 2025
This vulnerability allows remote attackers to execute arbitrary code on SimStudioAI sim servers by injecting malicious code through the 'code' paramet...
Sep 8, 2025
This CVE describes a SQL injection vulnerability in Portabilis i-Educar educational software versions up to 2.10. Attackers can exploit the 'ref_cod_a...
Sep 5, 2025
This CVE describes a command injection vulnerability in TOTOLINK X5000R routers affecting the sub_410C34 function in the cgi-bin/cstecgi.cgi file. Att...
Sep 4, 2025
This SQL injection vulnerability in itsourcecode Sports Management System 1.0 allows attackers to manipulate database queries through the /Admin/mode....
Sep 1, 2025
This CVE describes an SQL injection vulnerability in the Chemical Inventory Management System up to version 1.0. Attackers can exploit the 'chem_name'...
Sep 1, 2025
This SQL injection vulnerability in PHPGurukul User Management System 1.0 allows attackers to manipulate database queries through the uid parameter in...
Sep 1, 2025
This SQL injection vulnerability in SourceCodester Advanced School Management System 1.0 allows remote attackers to execute arbitrary SQL commands via...
Aug 30, 2025
This SQL injection vulnerability in SourceCodester Advanced School Management System 1.0 allows attackers to manipulate database queries through the '...
Aug 30, 2025
This CVE describes a SQL injection vulnerability in Portabilis i-Educar's knowledge area listing page. Attackers can exploit this by manipulating the ...
Aug 30, 2025
This CVE describes a SQL injection vulnerability in Portabilis i-Educar's Formula de Cálculo de Média page. Attackers can exploit the 'ID' parameter...
Aug 30, 2025
CVE-2025-9665 is an SQL injection vulnerability in Simple Grading System 1.0 that allows attackers to manipulate database queries through the /edit_st...
Aug 29, 2025
CVE-2025-9664 is an SQL injection vulnerability in Simple Grading System 1.0's admin panel that allows attackers to manipulate database queries throug...
Aug 29, 2025
CVE-2025-9654 is a command injection vulnerability in AiondaDotCom mcp-ssh up to version 1.0.3 that allows remote attackers to execute arbitrary comma...
Aug 29, 2025
CVE-2025-9607 is a SQL injection vulnerability in Portabilis i-Educar's Tabelas de Arredondamento page that allows remote attackers to execute arbitra...
Aug 29, 2025
This CVE describes a command injection vulnerability in Telesquare TLR-2005KSH routers version 1.2.4. Attackers can execute arbitrary commands by mani...
Aug 29, 2025
This vulnerability allows remote attackers to execute arbitrary commands on Comfast CF-N1 routers running firmware version 2.6.0. Attackers can exploi...
Aug 28, 2025
A command injection vulnerability in the ping_config function of Comfast CF-N1 firmware version 2.6.0 allows remote attackers to execute arbitrary com...
Aug 28, 2025
This vulnerability allows remote attackers to execute arbitrary commands on Comfast CF-N1 routers by injecting malicious input into the phy_interface ...
Aug 28, 2025
CVE-2025-9532 is a SQL injection vulnerability in Portabilis i-Educar educational software that allows remote attackers to execute arbitrary SQL comma...
Aug 27, 2025
CVE-2025-9417 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
Aug 25, 2025
This SQL injection vulnerability in lostvip-com ruoyi-go allows attackers to manipulate database queries through the orderByColumn/isAsc parameters. I...
Aug 25, 2025
This CVE describes an SQL injection vulnerability in the lostvip-com ruoyi-go framework's login information service. Attackers can manipulate the 'isA...
Aug 25, 2025
This vulnerability allows remote attackers to execute SQL injection attacks against YiFang CMS versions up to 2.0.5 by manipulating the new_url parame...
Aug 25, 2025
This CVE describes a SQL injection vulnerability in Bjskzy Zhiyou ERP software up to version 11.0. Attackers can remotely exploit the getFieldValue fu...
Aug 24, 2025
This SQL injection vulnerability in Chat2DB's JDBC Connection Handler allows remote attackers to execute arbitrary SQL commands on the database. It af...
Aug 19, 2025
This SQL injection vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM allows remote attackers to execute arbitrary SQL commands ...
Aug 19, 2025
This vulnerability allows remote attackers to execute SQL injection attacks against Simple Cafe Ordering System 1.0 through the /portal.php file. Atta...
Aug 15, 2025
This SQL injection vulnerability in Medical Store Management System 1.0 allows attackers to execute arbitrary SQL commands via the companyNameTxt para...
Aug 14, 2025
This SQL injection vulnerability in Medical Store Management System 1.0 allows attackers to manipulate database queries through the password change fu...
Aug 14, 2025
This SQL injection vulnerability in Medical Store Management System 1.0 allows attackers to execute arbitrary SQL commands through the searchTxt param...
Aug 13, 2025
This SQL injection vulnerability in Medical Store Management System 1.0 allows attackers to manipulate database queries through the productNameTxt par...
Aug 13, 2025
This is a critical SQL injection vulnerability in zhilink ADP Application Developer Platform 1.0.0 that allows remote attackers to execute arbitrary S...
Aug 10, 2025
This critical SQL injection vulnerability in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 allows remote attackers to execute arbitra...
Aug 8, 2025
About Injection (CWE-74)
Our database tracks 2,238 CVEs classified as CWE-74, with 129 rated critical and 1,306 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →