CWE-20: Improper Input Validation

This vulnerability in AMD Graphics Driver's Platform Security Processor (PSP) trusted applications allows local attackers to bypass security restricti...

This vulnerability allows attackers to execute arbitrary code or cause denial of service through a buffer overflow in Qualcomm's factory calibration a...

This vulnerability allows an attacker to write arbitrary files outside the intended project directory by exploiting improper input validation in PC Wo...

This vulnerability allows arbitrary code execution by processing a maliciously crafted image. It affects macOS, iOS, and iPadOS systems with insuffici...

CVE-2021-36048 is an improper input validation vulnerability in Adobe XMP Toolkit SDK that could allow arbitrary code execution when a user opens a ma...

This vulnerability allows arbitrary code execution when processing malicious archive files on Apple devices. Attackers can exploit this by tricking us...

This vulnerability in TensorFlow's QuantizeV2 operation allows attackers to trigger undefined behavior by accessing invalid memory locations. Attacker...

This vulnerability allows authenticated local users to escalate privileges on Linux systems using Intel Ethernet Controllers X722 and 800 series with ...

This vulnerability allows attackers to trick users into activating malicious device admin apps on Android devices through improper input validation in...

A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root pr...

This vulnerability allows local attackers to inject malicious bytecode into Android apps during compilation, potentially leading to privilege escalati...

This vulnerability in AMD Graphics Driver for Windows 10 allows attackers to exploit insufficient pointer validation to escalate privileges or cause d...

This Android vulnerability allows local privilege escalation through unauthorized file access when a user interacts with a malicious app. It affects A...

This vulnerability allows local privilege escalation on Android 11 devices by bypassing background process restrictions. Attackers can gain elevated p...

CVE-2021-25414 is a vulnerability in Samsung Contacts that allows local attackers to copy or overwrite arbitrary files due to improper intent sanitiza...

This CVE describes an intent redirection vulnerability in Samsung Health that allows attackers to execute privileged actions without proper authorizat...

This vulnerability allows trusted applications in Qualcomm's TrustZone to overwrite protected memory regions of other applications. It affects multipl...

This CVE-2021-3490 is a Linux kernel vulnerability in eBPF's ALU32 bounds tracking for bitwise operations (AND, OR, XOR). It allows local attackers to...

This vulnerability in OpenJPEG's encoder allows attackers to pass specially crafted x,y offset input during encoding, potentially leading to memory co...

CVE-2021-31198 is a remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected serve...

The NVIDIA vGPU driver vulnerability (CVE-2021-1084) allows attackers to exploit improper input validation in the guest kernel mode driver and Virtual...

This vulnerability in NVIDIA vGPU software allows attackers to exploit improper input validation in the Virtual GPU Manager to potentially disclose se...

This vulnerability allows authenticated local attackers on Cisco Firepower Threat Defense devices running in multi-instance mode to execute arbitrary ...

CVE-2021-22678 is a memory corruption vulnerability in Cscape software that allows attackers to execute arbitrary code by tricking users into opening ...

CVE-2021-26415 is an elevation of privilege vulnerability in Windows Installer that allows authenticated attackers to execute arbitrary code with SYST...

This vulnerability allows a local attacker to escalate privileges on systems running vulnerable versions of Adobe Creative Cloud Desktop Application. ...

This CVE describes an out-of-bounds access vulnerability in the Linux kernel's eBPF code verifier. A local attacker can exploit this flaw to crash the...

This vulnerability allows attackers to perform out-of-bounds memory access in the Trusted Application (TA) component of Qualcomm Snapdragon chipsets d...

This vulnerability in Intel EPID SDK allows authenticated local users to escalate privileges through improper input validation. It affects systems usi...

This vulnerability in Intel Graphics Drivers allows a privileged user to escalate privileges via local access due to insufficient input validation. It...

This vulnerability allows authenticated users with local access to Intel server hardware to potentially escalate privileges through insufficient input...

Dell EMC PowerScale OneFS versions 8.1.0 through 9.1.0 contain an improper input validation vulnerability that allows authenticated users with the ISI...

This vulnerability in Max Secure Max Spyware Detector allows local users to send malicious input via IOCtl 0x2200019 to the MaxProc64.sys driver, caus...

CVE-2021-1260 allows authenticated attackers to execute arbitrary commands with root privileges on Cisco SD-WAN devices through command injection vuln...

CVE-2021-1262 allows authenticated attackers to execute arbitrary commands with root privileges on Cisco SD-WAN devices through command injection vuln...

CVE-2020-27844 is an out-of-bounds write vulnerability in OpenJPEG's t2.c file that allows attackers to compromise confidentiality, integrity, and ava...

CVE-2020-27828 is an arbitrary out-of-bounds write vulnerability in the jpc encoder component of the Jasper image processing library. Attackers can ex...

This vulnerability allows remote code execution via specially crafted files processed by Windows Camera Codec Pack. Attackers can execute arbitrary co...

This vulnerability in Tenda AC6 routers allows attackers to cause denial of service through buffer overflow in the formSetCfm function. Attackers can ...

Adobe Experience Manager versions 6.5.23.0 and earlier have an improper input validation vulnerability that allows low-privileged attackers to bypass ...

This CVE describes a Denial of Service vulnerability in Kyverno policy engine versions 1.14.1 and below. Attackers with permissions to create or updat...

This vulnerability in Intel AMT and Standard Manageability firmware allows authenticated users to cause denial of service through improper input valid...

This CVE describes an input verification vulnerability in Huawei's ExternalStorageProvider module that could allow attackers to access sensitive infor...

A denial-of-service vulnerability in kube-controller-manager occurs when applying a Horizontal Pod Autoscaler (HPA) configuration YAML file that lacks...

CVE-2024-43373 is an arbitrary file write vulnerability in the webcrack JavaScript reverse engineering tool on Windows systems. Attackers can exploit ...

This vulnerability allows authenticated Windows users with local access to potentially escalate privileges through improper input validation in Intel ...

This CVE describes a command injection vulnerability in the tj-actions/verify-changed-files GitHub Action. Attackers can inject malicious commands thr...

This vulnerability allows authenticated users of Foundry Issues to submit malformed data that causes a denial of service, disrupting frontend function...

CVE-2022-3767 is a vulnerability in GitLab's DAST analyzer where missing validation allows custom request headers to be sent with every request regard...

This vulnerability allows a malicious Android application (APK) to load a specially crafted model into the Qualcomm CDSP (Compute DSP), potentially co...