CWE-74: Injection

The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.

Total CVEs: 2,264
Critical: 133
High: 1,328
Avg CVSS: 7.0
In CISA KEV: 2

Yearly Trend

2026: 245
2025: 1,633
2024: 163
2023: 62
2022: 24

Top Affected Vendors

1. Phpgurukul: 259
2. Fabian: 191
3. Campcodes: 170
4. Code Projects: 125
5. Angeljudesuarez: 88
6. Projectworlds: 64
7. Carmelo: 58
8. Anisha: 53
9. Oretnom23: 46
10. 1000projects: 45

All Injection CVEs (2,264)

CVE-2025-66025
CVSS: 4.3

This vulnerability allows attackers to inject malicious links into Caido's Markdown renderer on the Findings page. When users click these links, they ...

Nov 26, 2025

CVE-2025-12921
CVSS: 4.3

This XML injection vulnerability in OpenClinica Community Edition allows attackers to manipulate XML data during CRF data import. It affects OpenClini...

Nov 10, 2025

CVE-2025-8276
CVSS: 4.3

This CVE describes an XSS vulnerability in Patika Global Technologies HumanSuite that allows attackers to inject malicious scripts into web pages. The...

Sep 16, 2025

CVE-2025-8808
CVSS: 4.3

This CSV injection vulnerability in xujeff tianti 天梯 allows attackers to inject malicious formulas into exported CSV files. When users open these ...

Aug 10, 2025

CVE-2025-9769
CVSS: 4.1

This CVE describes a command injection vulnerability in D-Link DI-7400G+ routers that allows attackers to execute arbitrary commands on the device. Th...

Sep 1, 2025

CVE-2025-1465
CVSS: 4.1

This vulnerability in lmxcms 1.41 allows remote attackers to inject malicious code through the db.inc.php file in the Maintenance component. The code ...

Feb 19, 2025

CVE-2025-0214
CVSS: 4.1

This SQL injection vulnerability in TMD Custom Header Menu 4.0.0.1 for OpenCart allows attackers to manipulate database queries via the headermenu_id ...

Jan 4, 2025

CVE-2024-10491
CVSS: 4.0

This vulnerability in Express.js's response.links function allows attackers to inject malicious resources into Link headers when unsanitized user inpu...

Oct 29, 2024

CVE-2025-14186
CVSS: 3.5

A cross-site scripting (XSS) vulnerability in Grandstream GXP1625 VoIP phones allows attackers to inject malicious scripts via the vpn_ip parameter in...

Dec 7, 2025

CVE-2025-13180
CVSS: 3.5

This CVE describes a basic cross-site scripting (XSS) vulnerability in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System. ...

Nov 14, 2025

CVE-2025-13178
CVSS: 3.5

This vulnerability allows attackers to inject malicious scripts into the first_name and last_name fields of the user profile editor in Bdtask/CodeCany...

Nov 14, 2025

CVE-2025-41083
CVSS: N/A

CVE-2025-41083 is a host header injection vulnerability in Altitude Authentication Service and Altitude Communication Server that allows attackers to ...

Jan 26, 2026

CVE-2025-15056
CVSS: N/A

A cross-site scripting (XSS) vulnerability exists in Quill's HTML export feature due to insufficient input validation. This allows attackers to inject...

Jan 13, 2026

CVE-2025-64099
CVSS: N/A

This vulnerability in OpenAM allows attackers to inject arbitrary claims into identity tokens when the 'claims_parameter_supported' feature is enabled...

Nov 12, 2025

About Injection (CWE-74)

Our database tracks 2,264 CVEs classified as CWE-74, with 133 rated critical and 1,328 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
