CWE-20: Improper Input Validation

This is a Win32k elevation of privilege vulnerability in Windows that allows an authenticated attacker to gain SYSTEM-level privileges on a compromise...

This vulnerability in Archive v3.3.7 allows attackers to spoof ZIP filenames, leading to inconsistent filename parsing. This can enable attackers to h...

This vulnerability in Android's Uri.java allows improper URI permission grants due to insufficient input validation. It enables local privilege escala...

This vulnerability in Intel Easy Streaming Wizard allows authenticated local users to escalate privileges through improper input validation. It affect...

This Android vulnerability allows local privilege escalation through improper input validation in CallRedirectionProcessor.java. An attacker could exp...

This vulnerability in Android's notification access settings allows local privilege escalation without user interaction. An attacker could exploit imp...

CVE-2023-29359 is a Windows Graphics Device Interface (GDI) vulnerability that allows local attackers to escalate privileges from a low-privileged use...

This vulnerability allows memory corruption in Qualcomm WLAN HOST drivers when processing WMI events from firmware. Attackers could potentially execut...

This vulnerability allows a malicious app to dynamically register a BroadcastReceiver using System App permissions due to improper input validation in...

Adobe Substance 3D Stager versions 2.0.1 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a us...

This CVE describes an improper input validation vulnerability in Adobe Acrobat Reader that could allow arbitrary code execution when a user opens a ma...

This vulnerability in Adobe Acrobat Reader allows attackers to execute arbitrary code on a victim's system when they open a malicious PDF file. It aff...

This vulnerability allows an attacker to gain SYSTEM-level privileges on Windows systems by exploiting a flaw in the Win32k driver. It affects Windows...

CVE-2023-24893 is a remote code execution vulnerability in Visual Studio Code that allows attackers to execute arbitrary code on a user's system by tr...

This vulnerability allows remote attackers to execute arbitrary code on affected systems by exploiting improper input validation in Microsoft's ODBC a...

This vulnerability allows attackers to execute arbitrary code on systems running IrfanView by tricking users into opening a malicious PDF file. The im...

Adobe Dimension versions 3.4.7 and earlier contain an improper input validation vulnerability that could allow arbitrary code execution when a user op...

Adobe Dimension versions 3.4.7 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a user opens a...

Adobe Dimension versions 3.4.7 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a user opens a...

CVE-2023-25865 is an improper input validation vulnerability in Adobe Substance 3D Stager that allows arbitrary code execution when a user opens a mal...

Adobe Substance 3D Stager has an improper input validation vulnerability that allows arbitrary code execution when a user opens a malicious file. This...

CVE-2023-25859 is an improper input validation vulnerability in Adobe Illustrator that allows arbitrary code execution when a user opens a malicious f...

This vulnerability in Windows Resilient File System (ReFS) allows an authenticated attacker to gain SYSTEM-level privileges on affected systems. It af...

CVE-2023-22239 is an improper input validation vulnerability in Adobe After Effects that allows arbitrary code execution when a user opens a malicious...

CVE-2023-22228 is an improper input validation vulnerability in Adobe Bridge that allows arbitrary code execution when a user opens a malicious file. ...

This CVE describes an Improper Input Validation vulnerability in Adobe Photoshop that allows arbitrary code execution when a user opens a malicious fi...

This vulnerability in Adobe FrameMaker allows arbitrary code execution when a user opens a malicious file. Attackers can exploit improper input valida...

This vulnerability allows authenticated users on SiPass integrated access control systems to execute arbitrary commands with root privileges through i...

This vulnerability allows a local authenticated malicious user to send malicious input to a named pipe in Dell Alienware Command Center, potentially l...

CVE-2022-34866 is an insufficient data verification vulnerability in Passage Drive that allows arbitrary command execution with LocalSystem privileges...

This vulnerability allows local attackers to launch activities with Galaxy Store privileges due to improper input validation in AppsPackageInstaller. ...

This vulnerability allows local attackers to launch activities with Galaxy Store privileges through improper input validation in BillingPackageInstall...

This vulnerability in the Android kernel's Mali GPU driver allows local attackers to execute arbitrary code without user interaction. It enables privi...

This vulnerability in Huawei's AMS module allows improper input validation that could lead to privilege escalation. Attackers could exploit this to ga...

This vulnerability allows a privileged user with local access to potentially escalate privileges through improper input validation in BIOS firmware on...

This vulnerability allows a privileged user with local access to potentially escalate privileges through improper input validation in the BIOS authent...

This vulnerability in AMD Secure Processor firmware allows insufficient address validation in system calls, potentially enabling arbitrary code execut...

Adobe Photoshop has an improper input validation vulnerability when parsing PCX files that could allow arbitrary code execution. Attackers can craft m...

CVE-2021-3624 is an integer overflow vulnerability in dcraw, a RAW image decoder. When processing a malicious X3F image file, this vulnerability can l...

This vulnerability in Android Settings allows an attacker to spoof app names due to improper input validation, potentially leading to local privilege ...

This vulnerability in Android Settings allows an attacker to misrepresent which app is requesting to add a Wi-Fi network due to improper input validat...

CVE-2021-44462 is a memory corruption vulnerability in Horner Automation Cscape EnvisionRV software versions v4.50.3.1 and prior. Attackers can exploi...

This vulnerability allows authenticated users with local access to Intel Quartus Prime Pro Edition to potentially escalate privileges through improper...

This vulnerability allows an authenticated attacker with local access to improperly validate input in Intel processor firmware, potentially enabling p...

CVE-2021-44422 is a heap-based buffer overflow vulnerability in Open Design Alliance Drawings SDK that allows remote code execution when processing ma...

This vulnerability in Android's Parcel serialization allows local privilege escalation without user interaction. An attacker could exploit improper in...

This vulnerability in AMD System Management Unit (SMU) allows a malicious user to manipulate mailbox entries, potentially leading to arbitrary code ex...

This vulnerability allows attackers to execute arbitrary code by exploiting insufficient validation of BIOS image length in AMD ASP Firmware. It affec...

This vulnerability in AMD's Platform Security Processor (PSP) allows attackers to manipulate privileged registers on the System Management Network, po...

This vulnerability in AMD processors allows attackers to bypass memory integrity protections when Secure Encrypted Virtualization (SEV) with Secure Ne...