CWE-20: Improper Input Validation

This vulnerability in Tesla Model S vehicles allows local attackers with low-privileged code execution to escape the sandbox via improper input valida...

This CVE describes a sandbox escape vulnerability in Apple operating systems where improper path validation allows malicious apps to break out of thei...

This vulnerability allows an authorized attacker with local access to a Windows system to exploit improper input validation in the Mobile Broadband co...

This vulnerability allows an authorized attacker with existing access to a Windows system to exploit improper input validation in the Desktop Window M...

CVE-2025-24062 is a local privilege escalation vulnerability in Windows Desktop Window Manager (DWM) Core Library due to improper input validation. An...

This vulnerability allows an authorized attacker with local access to a Windows system to elevate privileges through improper input validation in the ...

This vulnerability in LibreOffice allows attackers to craft malicious links using the 'vnd.libreoffice.command' URI scheme that can execute internal m...

This vulnerability allows a malicious guest virtual machine to trigger memory corruption in the host system by providing specially crafted buffer data...

This vulnerability allows a malicious guest virtual machine to cause memory corruption in the host system by manipulating type values in a controlled ...

This vulnerability allows memory corruption through improper input validation in clock device drivers on Qualcomm chipsets. Attackers could potentiall...

This vulnerability involves memory corruption during communication between primary and guest virtual machines in Qualcomm platforms, potentially allow...

This vulnerability in LibreOffice allows attackers to execute arbitrary Windows executables through malicious hyperlinks. When a user clicks on a spec...

This vulnerability in the Kernel Streaming WOW Thunk Service Driver allows attackers to escalate privileges from a lower-privileged account to SYSTEM ...

This vulnerability allows an authenticated attacker to elevate privileges within Windows Virtualization-Based Security (VBS) enclaves, potentially gai...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects ...

This vulnerability allows attackers to elevate privileges on Windows systems by exploiting the PrintWorkflowUserSvc service. It affects Windows system...

This vulnerability in Windows PrintWorkflowUserSvc allows attackers to elevate privileges from a standard user account to SYSTEM-level access. It affe...

Adobe Animate versions 23.0.8, 24.0.5 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a user ...

This vulnerability allows memory corruption in Qualcomm NPU (Neural Processing Unit) drivers when processing API calls with invalid input. Attackers c...

This vulnerability in NVIDIA vGPU software allows a guest OS user with kernel access to exploit improper input validation in the GPU kernel driver. Su...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by sending sp...

This vulnerability allows attackers to elevate privileges on Windows systems by exploiting a flaw in the Kernel Streaming Service Driver. Attackers wi...

This PowerShell vulnerability allows authenticated attackers to execute arbitrary code with elevated privileges on affected systems. It affects Window...

This vulnerability allows a local attacker on Windows systems to escalate privileges by exploiting insufficient data validation in Google Chrome's ins...

This SMM (System Management Mode) vulnerability allows privileged attackers to execute arbitrary code, manipulate stack memory, and leak information f...

Adobe Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier contain an improper input validation vulnerability that could allow arbitrary code e...

A local path hijacking vulnerability in Lenovo Driver Manager allows attackers to execute arbitrary code with elevated privileges by manipulating sear...

This vulnerability in Android's AutofillManagerServiceImpl allows a malicious app to hide an enabled Autofill service from the system settings through...

This vulnerability in the Kernel Streaming WOW Thunk Service Driver allows attackers to escalate privileges on affected Windows systems. An authentica...

This PowerShell elevation of privilege vulnerability allows authenticated attackers to execute arbitrary code with SYSTEM privileges on affected Windo...

This PowerShell elevation of privilege vulnerability allows authenticated attackers to execute arbitrary code with SYSTEM privileges on affected Windo...

CVE-2024-30087 is a Win32k elevation of privilege vulnerability in Windows that allows authenticated attackers to gain SYSTEM-level privileges on affe...

CVE-2022-1242 is a vulnerability in Apport, Ubuntu's crash reporting tool, that allows local attackers to trick Apport into connecting to arbitrary so...

This vulnerability allows remote attackers to execute arbitrary code on OpenText iManager 3.2.6.0200 systems by exploiting a custom file upload task. ...

This CVE describes an Improper Input Validation vulnerability in Adobe Acrobat Reader that could allow arbitrary code execution when a user opens a ma...

This vulnerability allows local attackers to bypass health data permissions on Android devices due to improper input validation. It enables local priv...

CVE-2024-21476 is a memory corruption vulnerability in Qualcomm components where improper validation of user-supplied channel IDs can lead to arbitrar...

This vulnerability in MediaTek's wlan service allows local attackers to write beyond allocated memory boundaries due to improper input validation. It ...

This vulnerability in Windows Composite Image File System (CimFS) allows attackers to gain elevated privileges on affected systems. It affects Windows...

This vulnerability in macOS allows attackers to execute arbitrary code by processing malicious input. It affects macOS systems before Sonoma 14.4. Use...

This vulnerability allows an app in the Android work profile to improperly enable notification listener services due to a logic error in NotificationA...

This vulnerability in Microsoft Defender for Endpoint allows attackers to elevate privileges on affected systems. It enables local authenticated attac...

This vulnerability in macOS allows arbitrary code execution when processing malicious files. Attackers can exploit improper input validation to execut...

Adobe After Effects has an improper input validation vulnerability that allows arbitrary code execution when a user opens a malicious file. This affec...

This vulnerability allows an authenticated attacker with local access to a Hyper-V guest virtual machine to execute arbitrary code with SYSTEM privile...

This is a Win32k elevation of privilege vulnerability in Windows that allows an authenticated attacker to gain SYSTEM-level privileges on a compromise...

This vulnerability in Archive v3.3.7 allows attackers to spoof ZIP filenames, leading to inconsistent filename parsing. This can enable attackers to h...

This vulnerability in Android's Uri.java allows improper URI permission grants due to insufficient input validation. It enables local privilege escala...

This vulnerability in Intel Easy Streaming Wizard allows authenticated local users to escalate privileges through improper input validation. It affect...

This Android vulnerability allows local privilege escalation through improper input validation in CallRedirectionProcessor.java. An attacker could exp...