CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,264)
This critical SQL injection vulnerability in code-projects Task Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the projectN...
Nov 12, 2024

This critical SQL injection vulnerability in Tailoring Management System 1.0 allows remote attackers to execute arbitrary SQL commands through the /in...
Nov 11, 2024

This CVE describes a critical SQL injection vulnerability in Project Worlds Free Download Online Shopping System. Attackers can remotely exploit the /...
Nov 11, 2024

This critical SQL injection vulnerability in AMTT Hotel Broadband Operation System allows attackers to manipulate database queries via the AccountID p...
Nov 10, 2024

This critical SQL injection vulnerability in 1000 Projects Bookstore Management System 1.0 allows remote attackers to execute arbitrary SQL commands v...
Nov 8, 2024

This critical SQL injection vulnerability in SourceCodester Online Veterinary Appointment System 1.0 allows remote attackers to execute arbitrary SQL ...
Nov 8, 2024

This critical SQL injection vulnerability in E-Health Care System 1.0 allows remote attackers to execute arbitrary SQL commands via manipulated parame...
Nov 8, 2024

This critical SQL injection vulnerability in University Event Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ...
Nov 4, 2024

This critical SQL injection vulnerability in University Event Management System 1.0 allows attackers to manipulate database queries through the submit...
Nov 2, 2024

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC6 routers by injecting malicious commands into the 'mac' parameter...
Nov 2, 2024

This vulnerability allows remote attackers to execute SQL injection attacks on PHPGurukul Boat Booking System 1.0 by manipulating bookingdatefrom/nope...
Oct 19, 2024

This critical vulnerability in Intelbras InControl allows remote attackers to execute arbitrary code through code injection in the Relatório de Opera...
Sep 29, 2024

This vulnerability allows remote attackers to execute SQL injection attacks against the School Log Management System 1.0 by manipulating the ID parame...
Jul 30, 2024

This CVE describes a SQL injection vulnerability in LimeSurvey's survey general settings handler. Attackers can remotely exploit this flaw by manipula...
Jul 21, 2024

This vulnerability in EJBCA Enterprise 8.0 allows attackers to manipulate HTTP Host headers to redirect clients to malicious servers. By exploiting th...
Mar 31, 2025

In Roo Code versions before 3.20.3, the AI agent's search_files tool could read sensitive files outside the VS Code workspace when disabled reads were...
Jun 27, 2025

This CVE describes a command injection vulnerability in Ilevia EVE X1 Server's leaf_search.php file, allowing remote attackers to execute arbitrary co...
Dec 8, 2025

This critical vulnerability in Qualitor 8.20/8.24 allows remote attackers to execute arbitrary commands through command injection in the Office 365 co...
May 25, 2025

This CSV injection vulnerability in Axosoft Scrum and Bug Tracking allows attackers to inject malicious formulas into the Title field when adding work...
Oct 5, 2025

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers by manipulating the delete_list parameter in the D...
Sep 25, 2025

This critical SQL injection vulnerability in WEB-Sekolah 1.0 allows remote attackers to execute arbitrary SQL commands via the Name parameter in /Pros...
Nov 5, 2024

This vulnerability in jsPDF allows attackers to inject arbitrary XML metadata into generated PDFs by controlling the first argument of the addMetadata...
Feb 2, 2026

This CVE describes a SQL injection vulnerability in bluelabsio records-mover up to version 1.5.4, specifically in the Table Object Handler component. ...
Jan 7, 2026

CVE-2025-5151 is a critical code injection vulnerability in defog-ai introspect's execute_analysis_code_safely function that allows attackers to execu...
May 25, 2025

This CVE describes an injection vulnerability in Hubble CLI where network attackers can inject malicious control characters into terminal output when ...
May 20, 2025

A critical code injection vulnerability exists in handrew browserpilot's GPTSeleniumAgent function where malicious instructions can execute arbitrary ...
May 2, 2025

This critical vulnerability in thautwarm's vscode-diana extension allows injection attacks through the Jinja2 template handler. Attackers with local a...
Apr 19, 2025

This critical vulnerability in InternLM LMDeploy allows code injection through manipulation of the Open function in the configuration file. Attackers ...
Apr 3, 2025

PowerCMS versions before 6.6.1, 5.2.8, and 4.5.9 contain an HTTP header injection vulnerability (CWE-74) that allows attackers to manipulate email con...
Mar 27, 2025

This vulnerability in Telstra Smart Modem Gen 2 allows remote attackers to inject malicious content via manipulated HTTP Content-Disposition headers. ...
Jan 24, 2025

This CVE describes a code injection vulnerability in the PPOM for WooCommerce WordPress plugin. Attackers can inject malicious code that gets executed...
Jun 10, 2024

This CVE describes a CRLF injection vulnerability in Ritlabs TinyWeb Server 1.94 that allows attackers to inject arbitrary HTTP headers or split respo...
May 22, 2024

Pega Platform versions 8.1 through Infinity 24.1.2 contain an HTML injection vulnerability in the Stage component that allows attackers to inject mali...
Sep 12, 2024

This CVE describes a command injection vulnerability in the EFM ipTIME A3004T router's administrator password handler. Attackers can execute arbitrary...
Dec 11, 2025

This critical vulnerability in Apereo CAS 5.2.6 allows remote attackers to execute arbitrary code through the Groovy Code Handler component. The vulne...
Apr 27, 2025

This CVE describes a command injection vulnerability in Comfast CF-AC100 routers version 2.6.0.8. Attackers can execute arbitrary commands remotely by...
Mar 9, 2026

This vulnerability allows remote attackers to execute SQL injection attacks via the Date parameter in the /daily-task-report.php file of SourceCodeste...
Mar 8, 2026

This SQL injection vulnerability in Simple Flight Ticket Booking System 1.0 allows attackers to execute arbitrary SQL commands through the /Adminupdat...
Mar 8, 2026

This CVE describes a command injection vulnerability in Wavlink NU516U1 routers affecting the firewall.cgi component. Attackers can remotely execute a...
Mar 8, 2026

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-NU516U1 routers by exploiting a command injection flaw in the f...
Mar 7, 2026

This SQL injection vulnerability in itsourcecode College Management System 1.0 allows attackers to manipulate database queries through the course_code...
Mar 3, 2026

This CVE describes a command injection vulnerability in D-Link DCS-931L IP cameras. Attackers can remotely execute arbitrary commands by manipulating ...
Feb 9, 2026

This CVE describes a SQL injection vulnerability in PHPGurukul Hospital Management System 4.0, specifically in the /admin/manage-users.php file's ID p...
Feb 8, 2026

This CVE describes a command injection vulnerability in D-Link DIR-600 routers affecting the ssdp.cgi component. Attackers can remotely execute arbitr...
Feb 8, 2026

CVE-2026-2162 is an SQL injection vulnerability in itsourcecode News Portal Project 1.0 that allows attackers to manipulate database queries through t...
Feb 8, 2026

This CVE describes a SQL injection vulnerability in PHPGurukul Hospital Management System 4.0, specifically in the /hms/admin/manage-doctors.php file ...
Feb 8, 2026

This vulnerability allows remote attackers to execute arbitrary commands on DCN DCME-320 devices through command injection in the Web Management Backe...
Feb 6, 2026

This SQL injection vulnerability in iomad's Company Admin Block allows remote attackers to execute arbitrary SQL commands on affected systems. Organiz...
Feb 5, 2026

This CVE describes a command injection vulnerability in Tenda HG10 routers affecting the /boaform/formSysCmd endpoint. Attackers can execute arbitrary...
Jan 30, 2026

This vulnerability allows remote attackers to execute arbitrary SQL commands through the AdminAddCategory.php file in code-projects Online Music Site ...
Jan 28, 2026

About Injection (CWE-74)
Our database tracks 2,264 CVEs classified as CWE-74, with 133 rated critical and 1,328 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.