CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,254)
A critical command injection vulnerability in Linksys FGW3000 routers allows remote attackers to execute arbitrary commands via manipulated filename p... (May 20, 2025)
CVE-2025-4866 is a critical code injection vulnerability in weibocom rill-flow's Management Console component. Attackers can remotely execute arbitrar... (May 18, 2025)
This critical vulnerability in Advaya Softech GEMS ERP Portal 2.1 allows remote attackers to execute SQL injection attacks via the userId parameter in... (May 18, 2025)
This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary commands by manipulating the FileName parameter in... (May 18, 2025)
This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary commands through command injection in the CloudACM... (May 18, 2025)
This critical SQL injection vulnerability in PHPGurukul Park Ticketing Management System 2.0 allows remote attackers to execute arbitrary SQL commands... (May 16, 2025)
This critical SQL injection vulnerability in SourceCodester/oretnom23 Stock Management System 1.0 allows attackers to manipulate database queries thro... (May 16, 2025)
This critical SQL injection vulnerability in SourceCodester/oretnom23 Stock Management System 1.0 allows attackers to manipulate database queries via ... (May 16, 2025)
A critical SQL injection vulnerability exists in PHPGurukul Park Ticketing Management System 2.0 through the /forgot-password.php endpoint. Attackers ... (May 16, 2025)
A critical SQL injection vulnerability exists in code-projects Employee Record System 1.0, specifically in the /dashboard/getData.php file's keywords ... (May 16, 2025)
This critical vulnerability in TOTOLINK A3002R and A3002RU routers allows remote attackers to execute arbitrary commands via command injection in the ... (May 16, 2025)
This critical SQL injection vulnerability in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 allows remote attackers to execute arbitrary SQL co... (May 15, 2025)
This critical SQL injection vulnerability in LmxCMS 1.41 allows remote attackers to execute arbitrary SQL commands via the 'sortid' parameter in POST ... (May 11, 2025)
This is a critical SQL injection vulnerability in mayicms up to version 5.8E that allows remote attackers to execute arbitrary SQL commands via the Va... (May 10, 2025)
A critical SQL injection vulnerability exists in Changjietong UFIDA CRM 1.0 through the /optnty/optntyday.php file's gblOrgID parameter. This allows r... (May 10, 2025)
CVE-2025-4459 is a critical SQL injection vulnerability in Patient Record Management System 1.0 that allows remote attackers to execute arbitrary SQL ... (May 9, 2025)
This CVE describes a critical command injection vulnerability in D-Link DIR-619L routers. Attackers can remotely execute arbitrary commands on affecte... (May 9, 2025)
This critical vulnerability in D-Link DIR-605L routers allows remote attackers to execute arbitrary commands via command injection in the wake_on_lan ... (May 9, 2025)
A critical SQL injection vulnerability exists in Brilliance Golden Link Secondary System through the /paraframework/queryTsDictionaryType.htm endpoint... (May 6, 2025)
This critical vulnerability in D-Link DIR-880L routers allows remote attackers to execute arbitrary commands by manipulating HTTP headers. The command... (May 6, 2025)
This critical SQL injection vulnerability in SourceCodester Simple To-Do List System 1.0 allows attackers to manipulate database queries via the /dele... (May 4, 2025)
This critical SQL injection vulnerability in code-projects Online Bus Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands... (May 3, 2025)
This critical SQL injection vulnerability in PHPGurukul Boat Booking System 1.0 allows remote attackers to manipulate database queries through the /ad... (May 1, 2025)
This CVE describes a critical command injection vulnerability in Netgear WG302v2 wireless access points. Attackers can remotely execute arbitrary comm... (Apr 30, 2025)
This critical SQL injection vulnerability in PHPGurukul Pre-School Enrollment System 1.0 allows remote attackers to manipulate database queries via th... (Apr 30, 2025)
This critical vulnerability in LB-LINK BL-AC3600 routers allows remote attackers to execute arbitrary commands via command injection in the password h... (Apr 29, 2025)
CVE-2025-4021 is a critical SQL injection vulnerability in code-projects Patient Record Management System 1.0 that allows remote attackers to execute ... (Apr 28, 2025)
CVE-2025-3968 is a critical SQL injection vulnerability in codeprojects News Publishing Site Dashboard 1.0 that allows remote attackers to execute arb... (Apr 27, 2025)
This critical SQL injection vulnerability in novel-cloud 1.4.0 allows remote attackers to execute arbitrary SQL commands through the RestResp function... (Apr 27, 2025)
CVE-2025-3955 is a critical SQL injection vulnerability in codeprojects Patient Record Management System 1.0 that allows remote attackers to execute a... (Apr 27, 2025)
This is a critical SQL injection vulnerability in xxyopen Novel-Plus 5.1.0 that allows remote attackers to execute arbitrary SQL commands via the 'sor... (Apr 22, 2025)
This critical SQL injection vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allows remote attackers to execute arbitr... (Apr 16, 2025)
A critical SQL injection vulnerability exists in code-projects Patient Record Management System 1.0. Attackers can remotely exploit this vulnerability... (Apr 16, 2025)
This critical SQL injection vulnerability in xxyopen Novel-Plus allows attackers to manipulate database queries through the /api/front/search/books en... (Apr 16, 2025)
This critical SQL injection vulnerability in Fannuo Enterprise Content Management System allows remote attackers to execute arbitrary SQL commands via... (Apr 14, 2025)
This critical SQL injection vulnerability in ghostxbh uzy-ssm-mall 1.0.0 allows remote attackers to execute arbitrary SQL commands by manipulating the... (Apr 14, 2025)
This critical SQL injection vulnerability in phpshe 1.8 allows remote attackers to execute arbitrary SQL commands via the brand_id[] parameter in the ... (Apr 14, 2025)
This critical SQL injection vulnerability in joey-zhou's xiaozhi-esp32-server-java allows remote attackers to execute arbitrary SQL commands via the '... (Apr 7, 2025)
A critical SQL injection vulnerability in code-projects Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands... (Apr 7, 2025)
A critical SQL injection vulnerability in code-projects Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands... (Apr 7, 2025)
This critical SQL injection vulnerability in Kenj_Frog's company-financial-management system version 1.0 allows remote attackers to execute arbitrary ... (Apr 6, 2025)
This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the it... (Apr 5, 2025)
This critical vulnerability in TOTOLINK A6000R routers allows remote attackers to execute arbitrary commands via command injection in the apcli_cancel... (Apr 4, 2025)
This critical SQL injection vulnerability in itsourcecode Library Management System 1.0 allows attackers to execute arbitrary SQL commands through the... (Apr 4, 2025)
This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote attackers to manipulate database queries through the /... (Apr 4, 2025)
This critical SQL injection vulnerability in PHPGurukul Old Age Home Management System 1.0 allows remote attackers to execute arbitrary SQL commands v... (Apr 4, 2025)
A critical SQL injection vulnerability in code-projects Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands... (Apr 4, 2025)
This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the it... (Apr 4, 2025)
This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the bi... (Apr 4, 2025)
A critical SQL injection vulnerability in CodeAstro Student Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the stude... (Apr 4, 2025)
About Injection (CWE-74)
Our database tracks 2,254 CVEs classified as CWE-74, with 132 rated critical and 1,319 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.