Weaknesses of type CWE-74
4,162 resultsCVE-2021-29085HIGHImproper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management EPSS 1.3%CVE-2024-28114HIGHRemote Code Execution using Server Side Template Injection in Peering ManagerEPSS 1.3%CVE-2023-28637HIGHDataEase AWS redshift data source exists for remote code execution vulnerabilityEPSS 1.3%CVE-2022-36323CRITICALAffected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges EPSS 1.3%CVE-2026-7469MEDIUMTenda 4G300 DelFil sub_425A28 command injectionEPSS 1.3%CVE-2023-51388CRITICALHertzBeat AviatorScript Inject RCEEPSS 1.3%CVE-2025-58046HIGHDataease has a JDBC attack vulnerability in the Impala datasourceEPSS 1.3%CVE-2026-4192MEDIUMAvinashBole quip-mcp-server index.ts setupToolHandlers command injectionEPSS 1.3%CVE-2025-3544HIGHH3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injectionEPSS 1.3%CVE-2025-3543HIGHH3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injectionEPSS 1.3%CVE-2025-3545HIGHH3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injectionEPSS 1.3%CVE-2025-3540HIGHH3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injectionEPSS 1.3%CVE-2025-3542HIGHH3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injectionEPSS 1.3%CVE-2025-3539HIGHH3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injectionEPSS 1.3%CVE-2025-5146MEDIUMNetcore NBR200V2 HTTP Header routerd passwd_set command injectionEPSS 1.3%CVE-2025-5147MEDIUMNetcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injectionEPSS 1.3%CVE-2025-5145MEDIUMNetcore POWER13 Query String cgi-bin command injectionEPSS 1.3%CVE-2025-47867HIGHA Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbiEPSS 1.3%CVE-2022-4064MEDIUMDalli Meta Protocol request_formatter.rb self.meta_set injectionEPSS 1.3%CVE-2024-42472CRITICALFlatpak may allow access to files outside sandbox for certain appsEPSS 1.3%