CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,462)
CVE-2026-0848 allows arbitrary code execution in NLTK versions <=3.9.2 due to improper input validation in the StanfordSegmenter module. Attackers can... (Mar 5, 2026)
This vulnerability in n8n workflow automation platform allows unauthenticated remote attackers to execute certain form-based workflows that can access... (Jan 8, 2026)
An unauthenticated remote attacker can execute arbitrary system commands with root privileges on Cisco Secure Email Gateway and Cisco Secure Email and... (Dec 17, 2025)
This critical vulnerability in Intel Neural Compressor software allows unauthenticated remote attackers to execute arbitrary code with elevated privil... (May 16, 2024)
CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect feature that allows unauthenticated attackers t... (Apr 12, 2024)
This critical vulnerability in D-Link D-View 8 allows attackers to manipulate the probe inventory, potentially leading to information disclosure from ... (Dec 28, 2023)
This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized directories through unverified object instantiation... (Nov 2, 2023)
This CVE describes a critical CSRF vulnerability in the Fiber web framework for Go that allows attackers to forge malicious requests on behalf of user... (Oct 16, 2023)
CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex UPS CS141 devices, enabling arbitrary code execut... (Mar 31, 2023)
CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by explo... (Dec 10, 2021)
CVE-2021-21321 is a path traversal vulnerability in fastify-reply-from npm package that allows attackers to bypass URL prefix restrictions when proxyi... (Mar 2, 2021)
This CVE describes a critical server-side JavaScript injection vulnerability in Budibase Cloud (SaaS) that allows any authenticated user to execute ar... (Feb 25, 2026)
A command injection vulnerability in Wrangler's `pages deploy` command allows attackers who control the `--commit-hash` parameter to execute arbitrary... (Jan 20, 2026)
CVE-2026-23836 is a critical remote code execution vulnerability in HotCRP conference review software. It allows authenticated users to execute arbitr... (Jan 19, 2026)
An improper input validation vulnerability in Avaya Call Management System allows remote attackers to execute arbitrary commands via specially crafted... (Jun 10, 2025)
A privilege escalation vulnerability in Gardener allows project administrators to gain control over seed clusters managing their shoot clusters. This ... (May 19, 2025)
A privilege escalation vulnerability in Gardener External DNS Management allows users with administrative privileges at the project or shoot cluster l... (May 19, 2025)
This CVE describes multiple Poisoned Pipeline Execution vulnerabilities in the arduino-esp32 GitHub Actions CI/CD workflow. Attackers could inject mal... (Sep 17, 2024)
Discord-Recon, a Discord bot for bug bounty automation, is vulnerable to remote code execution (RCE) allowing attackers to execute shell commands on t... (Jan 9, 2024)
This vulnerability allows attackers to execute arbitrary code with SYSTEM permissions on Windows systems running 1E End-User Interaction product pack.... (Nov 6, 2023)
This vulnerability allows attackers to execute arbitrary code with SYSTEM privileges on Windows systems running the vulnerable 1E-Exchange-URLResponse... (Nov 6, 2023)
This CVE describes a command injection vulnerability in Honeywell PM43 printers' web interface modules. Attackers can execute arbitrary commands on af... (Sep 12, 2023)
CVE-2023-25915 is a critical remote code execution vulnerability affecting Fortra's GoAnywhere MFT software. Authenticated attackers can exploit impro... (Aug 21, 2023)
CVE-2023-27586 is a server-side request forgery (SSRF) vulnerability in CairoSVG that allows attackers to make unauthorized network requests from vuln... (Mar 20, 2023)
Databasir 1.01 has a remote code execution vulnerability where JDBC drivers uploaded by users are not validated before use. This allows any authentica... (Apr 20, 2022)
CVE-2021-43779 is an authenticated remote code execution vulnerability in the GLPI addressing plugin that allows attackers with valid credentials to e... (Jan 5, 2022)
This vulnerability in Cisco Jabber for Windows allows authenticated remote attackers to execute arbitrary code by sending specially crafted XMPP messa... (Sep 4, 2020)
CVE-2026-27590 is a path confusion vulnerability in Caddy server's FastCGI handling that occurs when processing Unicode characters in request paths. A... (Feb 24, 2026)
An unauthenticated remote attacker can write arbitrary data to any file on Asustor ADM systems when a specific function is enabled during AD Domain jo... (Feb 3, 2026)
This CVE describes a vulnerability in the ROOT data analysis framework's built-in zlib modules, specifically in the inffast.C program files. The vulne... (Jan 27, 2026)
CVE-2026-21675 is a use-after-free vulnerability in iccDEV's CIccXform::Create() function that can lead to arbitrary code execution. This affects appl... (Jan 6, 2026)
CVE-2025-8769 is a critical remote code execution vulnerability in Telenium Online Web Application. Attackers can inject arbitrary Perl code through c... (Dec 24, 2025)
This vulnerability allows unauthenticated attackers to create new user accounts with administrator privileges in WordPress sites using the Fox LMS plu... (Dec 15, 2025)
This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges on DB Electronica Telecomunicazioni Mozart FM Tra... (Nov 26, 2025)
This vulnerability allows remote attackers to execute arbitrary commands with root privileges on QVidium Opera11 devices by sending a malicious GET re... (Nov 19, 2025)
This vulnerability allows unauthenticated attackers to upload malicious files to arbitrary locations on TRUfusion Enterprise servers via path traversa... (Oct 27, 2025)
CVE-2025-12285 is a missing initial password change vulnerability affecting BLU-IC2 and BLU-IC4 devices. This allows attackers to access systems using... (Oct 26, 2025)
This vulnerability allows attackers to manipulate mail configuration files and execute arbitrary commands on affected BLU-IC2 and BLU-IC4 devices. Att... (Oct 26, 2025)
Ericsson Indoor Connect 8855 has an improper input validation vulnerability that allows attackers to execute arbitrary commands with escalated privile... (Sep 25, 2025)
This vulnerability in Apple's Safari browser and related operating systems allows processing malicious web content to cause unexpected process crashes... (Sep 15, 2025)
An input validation vulnerability in Apple operating systems allows attackers to execute arbitrary code or cause denial of service by sending speciall... (Sep 15, 2025)
This CVE describes a critical command injection vulnerability in Hoverfly's middleware API endpoint that allows remote code execution. Attackers can e... (Sep 10, 2025)
This vulnerability in Apache CXF allows untrusted users who can configure JMS endpoints to use RMI or LDAP URLs, potentially leading to remote code ex... (Aug 8, 2025)
This CVE describes an improper input validation vulnerability in UniFi Access devices that allows command injection. An attacker with network access t... (Aug 4, 2025)
CVE-2025-50578 allows unauthenticated attackers to manipulate HTTP headers (X-Forwarded-Host and Referer) to perform Host Header Injection and Open Re... (Jul 30, 2025)
This vulnerability allows malicious applications to bypass security restrictions and execute arbitrary binaries on macOS devices. It affects macOS sys... (Jul 30, 2025)
This CVE describes memory corruption vulnerabilities in Apple's graphics processing that could allow arbitrary code execution. Attackers can exploit t... (Jul 30, 2025)
This CVE describes a critical SQL injection vulnerability in XWiki Platform that allows attackers to execute arbitrary SQL queries on Oracle databases... (Jul 26, 2025)
This critical vulnerability allows unauthenticated attackers to execute arbitrary code with system privileges on affected D-Link devices by sending a ... (Jul 25, 2025)
This vulnerability allows unauthenticated remote attackers to upload arbitrary files, including malicious PHP scripts, to Tiki Wiki CMS Groupware serv... (Jul 15, 2025)
About Improper Input Validation (CWE-20)
Our database tracks 1,462 CVEs classified as CWE-20, with 248 rated critical and 888 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.