CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,245)
Jun 6, 2025: This critical SQL injection vulnerability in PHPGurukul Employee Record Management System 1.3 allows remote attackers to execute arbitrary SQL command...
Jun 6, 2025: This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the it...
Jun 6, 2025: This critical SQL injection vulnerability in PHPGurukul Employee Record Management System 1.3 allows attackers to manipulate database queries through ...
Jun 6, 2025: A critical SQL injection vulnerability exists in code-projects Patient Record Management System 1.0, specifically in the view_hematology.php file's it...
Jun 5, 2025: This critical SQL injection vulnerability in Brilliance Golden Link Secondary System allows remote attackers to execute arbitrary SQL commands via the...
Jun 5, 2025: This critical SQL injection vulnerability in Brilliance Golden Link Secondary System allows remote attackers to execute arbitrary SQL commands by mani...
Jun 5, 2025: This critical SQL injection vulnerability in PHPGurukul Human Metapneumovirus Testing Management System 1.0 allows remote attackers to execute arbitra...
Jun 5, 2025: CVE-2025-5674 is a critical SQL injection vulnerability in the Patient Record Management System 1.0 that allows remote attackers to execute arbitrary ...
Jun 5, 2025: This critical SQL injection vulnerability in PHPGurukul Medical Card Generation System 1.0 allows attackers to manipulate database queries through the...
Jun 5, 2025: This critical SQL injection vulnerability in PHPGurukul Complaint Management System 2.0 allows attackers to manipulate database queries through the pi...
Jun 5, 2025: This critical SQL injection vulnerability in PHPGurukul Complaint Management System 2.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 5, 2025: This critical SQL injection vulnerability in PHPGurukul Complaint Management System 2.0 allows attackers to manipulate database queries through the de...
Jun 5, 2025: This critical vulnerability in PHPGurukul Complaint Management System 2.0 allows remote attackers to execute SQL injection attacks via the fromdate/to...
Jun 5, 2025: This critical SQL injection vulnerability in the NEWS-BUZZ 1.0 CMS allows remote attackers to execute arbitrary SQL commands via the 'change_to_admin'...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Online Fire Reporting System 1.2 allows attackers to manipulate database queries through the t...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Online Fire Reporting System 1.2 allows attackers to manipulate database queries through the m...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Online Fire Reporting System 1.2 allows attackers to manipulate database queries through the '...
Jun 4, 2025: This critical SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 allows attackers to manipulate database queries through the /...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Online Fire Reporting System 1.2 allows attackers to manipulate database queries via the 'full...
Jun 4, 2025: This critical vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary commands via command injection in the formSetIptv funct...
Jun 4, 2025: CVE-2025-5582 is a critical SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 that allows remote attackers to execute arbitra...
Jun 4, 2025: This critical SQL injection vulnerability in IdeaCMS allows remote attackers to manipulate database queries through the Article/Goods function. Attack...
Jun 4, 2025: This critical vulnerability in PHPGurukul Notice Board System 1.0 allows remote attackers to execute SQL injection attacks via the searchdata paramete...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Teacher Subject Allocation Management System 1.0 allows attackers to manipulate database queri...
Jun 4, 2025: This critical vulnerability in PHPGurukul Rail Pass Management System 1.0 allows remote attackers to execute SQL injection attacks via the fromdate/to...
Jun 4, 2025: This critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker System allows remote attackers to execute arbitrary SQL commands via the...
Jun 3, 2025: This critical vulnerability in TOTOLINK X2000R routers allows remote attackers to execute arbitrary commands via command injection in the /boafrm/form...
Jun 3, 2025: This critical vulnerability in TOTOLINK X15 routers allows remote attackers to execute arbitrary commands via command injection in the formMapReboot f...
Jun 3, 2025: This CVE describes a critical SQL injection vulnerability in Baison Channel Middleware Product 2.0.1. Attackers can remotely exploit the /e3api/api/ma...
Jun 2, 2025: This CVE describes a critical SQL injection vulnerability in Feng Office 3.5.1.5 that allows remote attackers to execute arbitrary SQL commands via th...
Jun 2, 2025: This critical SQL injection vulnerability in AssamLook CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in /view...
Jun 2, 2025: This critical SQL injection vulnerability in AssamLook CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in /prod...
Jun 1, 2025: This critical SQL injection vulnerability in Blogbook's admin interface allows attackers to manipulate database queries via the post_id parameter in /...
May 31, 2025: This critical SQL injection vulnerability in JeeWMS allows attackers to execute arbitrary SQL commands through the /generateController.do?dogenerate e...
May 31, 2025: This critical SQL injection vulnerability in JeeWMS allows remote attackers to execute arbitrary SQL commands through the transEditor function. Any or...
May 31, 2025: CVE-2025-5384 is a critical SQL injection vulnerability in JeeWMS that allows remote attackers to execute arbitrary SQL commands through the /cgAutoLi...
May 31, 2025: A critical SQL injection vulnerability exists in PHPGurukul Online Birth Certificate System 2.0, specifically in the /admin/all-applications.php file ...
May 26, 2025: This critical SQL injection vulnerability in llisoft MTA Maita Training System 4.5 allows remote attackers to execute arbitrary SQL commands via the s...
May 25, 2025: This critical SQL injection vulnerability in FoxCMS 1.2.5 allows remote attackers to execute arbitrary SQL commands via the 'ids' parameter in the bat...
May 25, 2025: This critical vulnerability in Netcore routers allows remote attackers to execute arbitrary commands by injecting malicious input into the 'url' param...
May 25, 2025: A critical command injection vulnerability in Netcore networking devices allows remote attackers to execute arbitrary commands on affected systems. Th...
May 20, 2025: A critical command injection vulnerability in Linksys FGW3000 routers allows remote attackers to execute arbitrary commands via manipulated filename p...
May 18, 2025: CVE-2025-4866 is a critical code injection vulnerability in weibocom rill-flow's Management Console component. Attackers can remotely execute arbitrar...
May 18, 2025: This critical vulnerability in Advaya Softech GEMS ERP Portal 2.1 allows remote attackers to execute SQL injection attacks via the userId parameter in...
May 18, 2025: This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary commands by manipulating the FileName parameter in...
May 18, 2025: This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary commands through command injection in the CloudACM...
May 16, 2025: This critical SQL injection vulnerability in PHPGurukul Park Ticketing Management System 2.0 allows remote attackers to execute arbitrary SQL commands...
May 16, 2025: This critical SQL injection vulnerability in SourceCodester/oretnom23 Stock Management System 1.0 allows attackers to manipulate database queries thro...
May 16, 2025: This critical SQL injection vulnerability in SourceCodester/oretnom23 Stock Management System 1.0 allows attackers to manipulate database queries via ...
May 16, 2025: A critical SQL injection vulnerability exists in PHPGurukul Park Ticketing Management System 2.0 through the /forgot-password.php endpoint. Attackers ...
About Injection (CWE-74)
Our database tracks 2,245 CVEs classified as CWE-74, with 132 rated critical and 1,310 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: CWE-74 on MITRE CWE.