CWE-74: Injection

This vulnerability in Woodpecker CI/CD allows any user to create malicious workflows that can lead to host takeover of the agent executing the workflo...

CVE-2024-29896 is an injection vulnerability in Astro-Shield's automated CSP header generation feature. When enabled with user-controllable content, i...

The Feed Me plugin 4.6.1 for Craft CMS contains a denial of service vulnerability where remote attackers can submit crafted strings to Feed-Me Name an...

This vulnerability in Langchain allows attackers to inject malicious prompts that force the service to retrieve data from arbitrary URLs, enabling ser...

This CVE describes a log injection vulnerability in Apache InLong that allows attackers to inject malicious content into log files. This affects Apach...

This critical vulnerability in Apache Sling JCR Base allows remote code execution through JNDI/RMI injection when running on older JDK versions. Attac...

CVE-2022-29631 is a CRLF injection vulnerability in Jodd HTTP library that allows attackers to perform Server-Side Request Forgery (SSRF) attacks. By ...

CVE-2022-27924 is an unauthenticated memcache command injection vulnerability in Zimbra Collaboration Suite. It allows attackers to overwrite arbitrar...

This vulnerability in Signal for iOS allows attackers to spoof URLs using Right-to-Left Override (RTLO) characters combined with non-breaking spaces a...

This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) charact...

CVE-2021-37262 is a regex injection vulnerability in JFinal_cms 5.1.0 that allows attackers to craft malicious regular expressions, causing excessive ...

This is an injection vulnerability in Huawei smartphones that allows attackers to inject malicious input into affected systems. Successful exploitatio...

This LDAP injection vulnerability in Huntflow Enterprise allows unauthenticated remote attackers to bypass authentication by manipulating the email pa...

This vulnerability in Exim's STARTTLS implementation allows attackers to inject malicious responses during SMTP communication by exploiting buffering ...

This LDAP injection vulnerability in rConfig allows attackers to manipulate LDAP queries by sending crafted POST requests to the login endpoint. Attac...

This vulnerability in Asterisk IAX2 channel driver allows remote attackers to crash the service by sending packets with unsupported media formats. It ...

CVE-2021-29702 is a denial-of-service vulnerability in IBM Db2 where a specially crafted SELECT statement causes the database server to crash and term...

CVE-2021-33668 is an LDAP injection vulnerability in SAP's SCIMono software that allows unauthenticated attackers to inject malicious LDAP queries. Th...

CVE-2021-31402 is a CRLF injection vulnerability in the Dio HTTP client package for Dart. Attackers who can control the HTTP method string can inject ...

The vscode-stripe extension for Visual Studio Code contains a vulnerability where loading untrusted repositories with malicious settings could allow a...

CVE-2020-35564 is an injection vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software that allows attackers to execute malicious code...

CVE-2021-23335 is an LDAP injection vulnerability in the is-user-valid npm package that allows attackers to manipulate LDAP queries. This can lead to ...

CarrierWave versions before 1.3.2 and 2.1.1 contain a code injection vulnerability in the #manipulate! method that allows remote code execution. Attac...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the ID param...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the /admin_s...

This CVE-2026-3409 vulnerability allows remote attackers to execute arbitrary code through a code injection flaw in the Flow Import Endpoint of eospho...

This SQL injection vulnerability in Online Art Gallery Shop 1.0 allows attackers to manipulate database queries through the registration form's fname ...

This vulnerability allows remote attackers to execute arbitrary code on MaxSite CMS installations through a code injection flaw in the MarkItUp Previe...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the pagetitle paramet...

CVE-2026-3151 is an SQL injection vulnerability in itsourcecode College Management System 1.0 that allows attackers to manipulate database queries thr...

This SQL injection vulnerability in itsourcecode Document Management System 1.0 allows attackers to execute arbitrary SQL commands via the Username pa...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the Category paramete...

This SQL injection vulnerability in itsourcecode Document Management System 1.0 allows attackers to manipulate database queries through the login page...

CVE-2026-3069 is an SQL injection vulnerability in itsourcecode Document Management System 1.0 that allows remote attackers to execute arbitrary SQL c...

CVE-2026-3068 is a SQL injection vulnerability in itsourcecode Document Management System 1.0 that allows remote attackers to execute arbitrary SQL co...

This SQL injection vulnerability in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0 allows attackers to execute arbitrary SQL co...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate database queries through the test_i...

CVE-2026-2867 is an SQL injection vulnerability in itsourcecode Vehicle Management System 1.0 that allows remote attackers to execute arbitrary SQL co...

This SQL injection vulnerability in Agri-Trading Online Shopping System 1.0 allows attackers to execute arbitrary SQL commands via manipulated Product...

This CVE describes a SQL injection vulnerability in Fujian Smart Integrated Management Platform System that allows attackers to execute arbitrary SQL ...

This SQL injection vulnerability in Fujian Smart Integrated Management Platform System allows remote attackers to execute arbitrary SQL commands via t...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the /admin/manage...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the ID parameter ...

This SQL injection vulnerability in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0 allows remote attackers to execute arbitrary SQ...

This SQL injection vulnerability in Huace Monitoring and Early Warning System 2.2 allows remote attackers to execute arbitrary SQL commands via the ID...

This CVE describes a command injection vulnerability in Tosei Self-service Washing Machine software version 4.02. Attackers can remotely execute arbit...

CVE-2026-2225 is a SQL injection vulnerability in itsourcecode News Portal Project 1.0 that allows remote attackers to execute arbitrary SQL commands ...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...

CVE-2026-2220 is a SQL injection vulnerability in code-projects Online Reviewer System 1.0 that allows remote attackers to execute arbitrary SQL comma...