CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,168)
CVE-2026-1534 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 28, 2026

CVE-2026-1535 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 28, 2026

CVE-2026-1443 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 26, 2026

This SQL injection vulnerability in code-projects Online Examination System 1.0 allows attackers to manipulate database queries through the login page...
Jan 26, 2026

This CVE describes a command injection vulnerability in Sangfor Operation and Maintenance Security Management System. Attackers can execute arbitrary ...
Jan 26, 2026

This CVE describes a command injection vulnerability in Tosei Online Store Management System 1.01. Attackers can remotely execute arbitrary commands b...
Jan 19, 2026

This vulnerability allows remote attackers to execute SQL injection attacks against Yonyou KSOA 9.0 systems by manipulating the 'folderid' parameter i...
Jan 19, 2026

This SQL injection vulnerability in Yonyou KSOA 9.0 allows remote attackers to execute arbitrary SQL commands via the folderid parameter in the /kmf/s...
Jan 19, 2026

This is a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the 'folderid' parameter i...
Jan 19, 2026

CVE-2026-1176 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jan 19, 2026

CVE-2026-1160 is a SQL injection vulnerability in PHPGurukul Directory Management System 1.0 that allows remote attackers to execute arbitrary SQL com...
Jan 19, 2026

CVE-2026-1159 is a SQL injection vulnerability in itsourcecode Online Frozen Foods Ordering System 1.0 that allows remote attackers to execute arbitra...
Jan 19, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the 'folderid' ...
Jan 19, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the folderid pa...
Jan 19, 2026

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary commands by manipulating the w...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0's /worksheet/work_mod.jsp file via the ID parameter in HTTP GET requests. Attacker...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in itsourcecode Society Management System 1.0. Attackers can remotely exploit the /admin/delete_activ...
Jan 18, 2026

This SQL injection vulnerability in EasyCMS allows attackers to manipulate database queries through the _order parameter in /UserAction.class.php. Att...
Jan 18, 2026

This CVE describes a SQL injection vulnerability in FeMiner wms through commit 9cad1f1b179a98b9547fd003c23b07c7594775fa. Attackers can exploit the /sr...
Jan 17, 2026

This CVE describes a SQL injection vulnerability in risesoft-y9 Digital-Infrastructure's REST authentication endpoint. Attackers can remotely execute ...
Jan 17, 2026

This vulnerability allows remote attackers to execute SQL injection attacks against code-projects Online Music Site 1.0 by manipulating the ID paramet...
Jan 12, 2026

This SQL injection vulnerability in code-projects Online Music Site 1.0 allows attackers to manipulate database queries through the txtusername parame...
Jan 12, 2026

This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to execute arbitrary SQL commands through the Username pa...
Jan 8, 2026

CVE-2026-0607 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 6, 2026

CVE-2026-0606 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 5, 2026

CVE-2026-0605 is an SQL injection vulnerability in code-projects Online Music Site 1.0 that allows attackers to manipulate database queries through th...
Jan 5, 2026

This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the em...
Jan 5, 2026

This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the ad...
Jan 4, 2026

This SQL injection vulnerability in Online Product Reservation System 1.0 allows attackers to manipulate database queries through the /handgunner-admi...
Jan 4, 2026

This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands thro...
Jan 4, 2026

This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the ad...
Jan 4, 2026

This SQL injection vulnerability in Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in /Frontend/...
Jan 2, 2026

CVE-2026-0570 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
Jan 2, 2026

This SQL injection vulnerability in code-projects Content Management System 1.0 allows attackers to manipulate database queries through the /pages.php...
Jan 2, 2026

This SQL injection vulnerability in code-projects Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
Jan 2, 2026

This vulnerability allows remote attackers to execute SQL injection attacks against Yonyou KSOA 9.0 through the /kp/PrintZPYG.jsp file by manipulating...
Jan 2, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 through the /worksheet/agent_worksdel.jsp endpoint. Attackers can manipulate the I...
Jan 2, 2026

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0's /worksheet/agent_work_report.jsp endpoint via the ID parameter. Attackers can re...
Jan 2, 2026

This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in the /worksheet/agent_worksadd.jsp endpoint of Yon...
Jan 2, 2026

This SQL injection vulnerability in Online Guitar Store 1.0 allows attackers to execute arbitrary SQL commands via the dre_title parameter in the admi...
Jan 1, 2026

CVE-2025-15354 is a SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Dec 30, 2025

This SQL injection vulnerability in itsourcecode Society Management System 1.0 allows attackers to manipulate database queries through the Username pa...
Dec 30, 2025

BiggiDroid Simple PHP CMS 1.0 contains a SQL injection vulnerability in the admin login page that allows remote attackers to execute arbitrary SQL com...
Dec 30, 2025

This CVE describes a command injection vulnerability in the Edimax BR-6208AC router's web configuration interface. Attackers can execute arbitrary com...
Dec 30, 2025

This CVE describes a command injection vulnerability in Edimax BR-6208AC routers that allows remote attackers to execute arbitrary commands on affecte...
Dec 30, 2025

CVE-2025-15243 is an SQL injection vulnerability in Simple Stock System 1.0's login.php file that allows remote attackers to execute arbitrary SQL com...
Dec 30, 2025

CVE-2025-15208 is a SQL injection vulnerability in the Refugee Food Management System 1.0 that allows attackers to manipulate database queries through...
Dec 29, 2025

About Injection (CWE-74)
Our database tracks 2,168 CVEs classified as CWE-74, with 104 rated critical and 1,275 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.