CWE-707
244 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-707 (page 5 of 5)
- CVE-2024-10768 | LOW | CVSS 3.5 | EG 3.5 | 2024-11-04
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulatio…
- CVE-2024-10791 | HIGH | CVSS 7.3 | EG 7.3 | 2024-11-04
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql inj…
- CVE-2024-10805 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-04
A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is p…
- CVE-2024-10806 | LOW | CVSS 2.4 | EG 2.4 | 2024-11-05
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/tod…
- CVE-2024-10807 | LOW | CVSS 2.4 | EG 2.4 | 2024-11-05
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cr…
- CVE-2024-10808 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-05
A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The …
- CVE-2024-10809 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-05
A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. …
- CVE-2024-10810 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-05
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It…
- CVE-2024-10840 | LOW | CVSS 2.4 | EG 2.4 | 2024-11-05
A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site s…
- CVE-2024-10841 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-05
A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler. The manipulation of the argument Name …
- CVE-2024-10842 | LOW | CVSS 2.4 | EG 2.4 | 2024-11-05
A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of…
- CVE-2024-10844 | HIGH | CVSS 7.3 | EG 7.3 | 2024-11-05
A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible t…
- CVE-2024-10845 | HIGH | CVSS 7.3 | EG 7.3 | 2024-11-05
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. Th…
- CVE-2024-10914 | HIGH | CVSS 8.1 | EG 9.0 | 2024-11-06
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_ad…
- CVE-2024-10915 | HIGH | CVSS 8.1 | EG 9.0 | 2024-11-06
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The mani…
- CVE-2024-21864 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-16
Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
- CVE-2024-43572 | HIGH | CVSS 7.8 | EG 9.0 | ⚠ KEV | 2024-10-08
Microsoft Management Console Remote Code Execution Vulnerability
- CVE-2024-9324 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-09-29
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation …
- CVE-2025-0697 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-24
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to i…
- CVE-2025-11445 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-10-08
A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be i…
- CVE-2025-13268 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-11-17
A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Exec…
- CVE-2025-14674 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-12-14
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/st…
- CVE-2025-1611 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-02-24
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It i…
- CVE-2025-24921 | MEDIUM | CVSS 6.6 | EG 6.6 | 2025-08-12
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
- CVE-2025-26633 | HIGH | CVSS 7.0 | EG 9.0 | ⚠ KEV | 2025-03-11
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-27712 | MEDIUM | CVSS 5.7 | EG 5.7 | 2025-11-11
Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low …
- CVE-2025-3804 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-19
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a…
- CVE-2025-3805 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-19
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Templat…
- CVE-2025-66545 | LOW | CVSS 3.5 | EG 3.5 | 2025-12-05
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin…
- CVE-2025-9797 | LOW | CVSS 2.4 | EG 2.4 | 2025-09-01
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection…
- CVE-2026-10210 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-01
A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be…
- CVE-2026-10220 | HIGH | CVSS 7.3 | EG 7.3 | 2026-06-01
A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be perfor…
- CVE-2026-10221 | HIGH | CVSS 7.3 | EG 7.3 | 2026-06-01
A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack…
- CVE-2026-10222 | MEDIUM | CVSS 5.6 | EG 5.6 | 2026-06-01
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch …
- CVE-2026-10223 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-01
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exp…
- CVE-2026-10661 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-06-02
A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument input_image_url leads to injection…
- CVE-2026-5561 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-05
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. E…
- CVE-2026-6599 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-20
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Co…
- CVE-2026-6994 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-25
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes inje…
- CVE-2026-7045 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-26
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/da…
- CVE-2026-9353 | HIGH | CVSS 7.3 | EG 7.3 | 2026-05-24
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the arg…
- CVE-2026-9366 | HIGH | CVSS 7.3 | EG 7.3 | 2026-05-24
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remot…
- CVE-2026-9420 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-05-25
A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit ha…
- CVE-2026-9422 | HIGH | CVSS 7.3 | EG 7.3 | 2026-05-25
A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The …