CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,511)
Jan 13, 2026: An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers on the local network to execute arbitrary OS commands through ...
Jan 13, 2026: An insufficient input validation vulnerability in NETGEAR Orbi routers' DHCPv6 functionality allows authenticated attackers on the same network (WiFi ...
Jan 13, 2026: An insufficient input validation vulnerability in NETGEAR XR1000v2 routers allows attackers on the local network to execute arbitrary operating system...
Jan 13, 2026: This CVE describes a sandbox escape vulnerability in the Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to ...
Oct 8, 2024: This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code on the Hyper-V host. It affects Windows syste...
May 2, 2024: This vulnerability allows remote attackers to execute arbitrary code on Casa Systems NL1901ACV VDSL modems by exploiting improper input validation in ...
Apr 19, 2024: A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Apr 9, 2024: CVE-2024-26240 is a Secure Boot security feature bypass vulnerability that allows attackers to bypass Secure Boot protections and load untrusted or ma...
Apr 9, 2024: CVE-2024-26189 is a Secure Boot security feature bypass vulnerability that allows attackers to circumvent Secure Boot protections on affected systems....
Feb 13, 2024: A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitra...
Dec 8, 2023: This vulnerability in DockerSpawner allows JupyterHub users to launch any Docker image from public registries instead of being restricted to the confi...
Nov 1, 2023: This vulnerability in SolarWinds Platform allows a low-privileged authenticated user to execute arbitrary code with SYSTEM privileges due to incomplet...
Feb 20, 2023: This vulnerability allows authenticated users with User Management permissions (and LDAP administrators in some configurations) to inject arbitrary co...
May 19, 2022: CVE-2021-26631 is an improper input validation vulnerability in Mangboard commerce package that allows remote attackers to manipulate order amounts in...
May 12, 2022: This vulnerability in Intel Manageability Commander allows authenticated users on the same network to potentially escalate privileges through improper...
Feb 17, 2021: CVE-2020-7848 is a command injection vulnerability in EFM ipTIME C200 IP cameras that allows remote attackers to execute arbitrary operating system co...
Aug 14, 2019: This vulnerability allows an authenticated attacker on a Hyper-V guest virtual machine to execute arbitrary code on the host server by sending special...
Jan 5, 2026: Spinnaker versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery (SSRF) that allows attackers to fetch data ...
Oct 22, 2025: Local users on affected OpenWrt systems can read and write arbitrary kernel memory through the ltq-ptm driver ioctls, allowing kernel privilege escala...
May 15, 2025: This vulnerability in InsydeH2O UEFI firmware allows attackers to bypass input validation in the VariableRuntimeDxe driver's SecureBootHandler. Attack...
May 13, 2025: This vulnerability in Intel PROSet/Wireless WiFi Software allows a privileged user (local administrator) to cause denial of service by exploiting impr...
May 16, 2024: This vulnerability in Intel TDX module software allows a privileged user on a local system to potentially escalate privileges due to improper input va...
Aug 11, 2023: This CVE describes an improper input validation vulnerability in BIOS firmware for certain Intel NUC devices. It allows a privileged user with local a...
Nov 11, 2021: This vulnerability allows remote command injection through the network proxy configuration page in Zoom's on-premise components. An authenticated web ...
Feb 24, 2026: A vulnerability in Trellix HX Agent's fekern.sys driver allows local attackers to escalate privileges and access lsass.exe memory via BYOVD techniques...
Jan 28, 2026: A memory corruption vulnerability in iccDEV library versions before 2.3.1.2 allows arbitrary code execution when processing malicious ICC color profil...
Jan 16, 2026: This vulnerability allows local attackers to escalate privileges on affected Android devices without user interaction. It affects Google Pixel devices...
Jan 13, 2026: This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers through improper input validation. Organizations us...
Jan 7, 2026: CVE-2026-21678 is a heap-buffer-overflow vulnerability in the IccTagXml() function of iccDEV, a library for ICC color management profiles. It allows a...
Dec 11, 2025: This vulnerability allows local privilege escalation on affected Android devices through a memory overwrite in the tracepoint IPC handler. Attackers c...
Dec 8, 2025: This vulnerability in Android's AssociationRequest.java allows persistent CDM (Content Decryption Module) associations after user disassociation due t...
Dec 8, 2025: This vulnerability allows applications in a work profile to improperly set the main user's default NFC payment setting due to insufficient input valid...
Dec 8, 2025: This vulnerability in Android's DisassociationProcessor allows malicious apps to continue reading notifications after disassociation from a companion ...
Dec 8, 2025: This CVE describes an Android vulnerability where improper input validation allows bypassing user profile boundaries via forwarded intents. This enabl...
Oct 14, 2025: This Windows Kernel vulnerability allows authenticated attackers to gain elevated system privileges through improper input validation. It affects Wind...
Sep 24, 2025: This CVE describes a memory corruption vulnerability in Qualcomm FE driver components that could allow attackers to execute arbitrary code or cause de...
Sep 17, 2025: This vulnerability allows attackers to bypass security checks in picklescan by disguising malicious pickle files with PyTorch-related extensions. When...
Sep 4, 2025: This vulnerability allows a malicious app to obtain screen recording permissions without user consent due to improper input validation in Android's Me...
Sep 4, 2025: This vulnerability allows an attacker to remove biometric unlock (like face recognition) across user profiles on Android devices without proper authen...
Sep 4, 2025: This vulnerability allows local privilege escalation on affected Android devices through an out-of-bounds write in the Wi-Fi driver. Attackers can gai...
Aug 22, 2025: A privilege escalation vulnerability in OpenMediaVault's changePassword method allows local authenticated users to gain root privileges. This affects ...
Aug 12, 2025: This vulnerability allows an authenticated local user to potentially escalate privileges through improper input validation in Intel 700 Series Etherne...
Jul 9, 2025: A buffer overflow vulnerability in Rockwell Automation Arena allows remote code execution when a user opens a malicious DOE file. This affects Arena S...
Jul 8, 2025: This vulnerability allows a local attacker with SSH access to escalate privileges to root by exploiting improper input validation in a vulnerable scri...
Jun 10, 2025: CVE-2025-47968 is a local privilege escalation vulnerability in Microsoft AutoUpdate (MAU) caused by improper input validation. An authenticated attac...
May 22, 2025: A local privilege escalation vulnerability in Ocuco Innovation Tracking.exe version 2.10.24.51 allows attackers to gain elevated system privileges by ...
May 13, 2025: This vulnerability allows an authorized attacker with local access to exploit improper input validation in the Windows Common Log File System Driver t...
May 12, 2025: This CVE describes a privilege escalation vulnerability in macOS where improper input sanitization allows an application to gain elevated privileges. ...
May 12, 2025: A macOS privilege escalation vulnerability allows malicious applications to gain elevated system privileges through improper input sanitization. This ...
May 6, 2025: This vulnerability involves memory corruption during the FRS UDS generation process in Qualcomm components, potentially allowing attackers to execute ...
About Improper Input Validation (CWE-20)
Our database tracks 1,511 CVEs classified as CWE-20, with 263 rated critical and 922 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.