CWE-20: Improper Input Validation

This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated admin attackers to read arbitrary files from...

This vulnerability in Qualcomm Core services allows information disclosure when processing Diag commands. Attackers could potentially access sensitive...

A critical input validation flaw in TOBY-L2 cellular modules allows attackers with physical serial access to execute arbitrary operating system comman...

This vulnerability allows attackers to elevate privileges on systems running affected .NET, .NET Framework, and Visual Studio versions. An authenticat...

This CVE allows attackers to inject malicious annotations into Ingress nginx configurations, leading to arbitrary command execution on the host system...

CVE-2023-32721 is a stored cross-site scripting (XSS) vulnerability in Zabbix's web application that allows attackers to inject malicious scripts into...

CVE-2021-25745 is a vulnerability in ingress-nginx where users with permissions to create or update Ingress objects can exploit the path field to obta...

This CVE describes an improper boundary check vulnerability in Samsung's UWB (Ultra-Wideband) firmware that allows attackers to write arbitrary memory...

CVE-2021-29462 is a DNS rebinding vulnerability in the Portable SDK for UPnP Devices (libupnp) that allows attackers to bypass same-origin policy rest...

This vulnerability in the sopel-channelmgnt plugin allows attackers to bypass restrictions and kick the bot from IRC channels when kicking multiple us...

This vulnerability in Koa.js allows attackers to inject malicious hostnames via specially crafted HTTP Host headers containing '@' symbols. Applicatio...

A protocol compliance vulnerability in free5GC's UPF component allows remote attackers to send malformed PFCP Association Setup Requests that violate ...

Adminer v5.4.1 and earlier has a version check endpoint that lacks origin validation, allowing attackers to send malformed POST data. This causes a PH...

A vulnerability in fast-xml-parser versions 4.3.6 through 5.3.3 allows attackers to cause denial of service by sending XML with out-of-range numeric e...

This vulnerability in Undertow allows remote attackers to cause denial-of-service by sending HTTP requests with large parameter names, triggering OutO...

An input validation vulnerability in OneFlow's oneflow.index_add component allows attackers to trigger a Denial of Service (DoS) by sending specially ...

An input validation vulnerability in OneFlow's flow.arange() function allows attackers to trigger a Denial of Service (DoS) by sending specially craft...

A vulnerability in ollama's GGUF decoder allows remote attackers to trigger a denial of service by sending specially crafted input. This affects all s...

A vulnerability in ollama v0.12.10 allows remote attackers to cause denial of service by sending specially crafted GGUF files. The readGGUFV1String fu...

An input validation vulnerability in Pithikos websocket-server v0.6.4 allows remote attackers to trigger unexpected server behavior or potentially lea...

Quicly, an IETF QUIC protocol implementation, contains assertion failures that allow remote attackers to trigger denial-of-service crashes. Systems us...

A remote, unauthenticated attacker can exploit a null pointer dereference vulnerability in the TP-Link TL-WR841N v14 web portal's referer header check...

This vulnerability in RustCrypto's elliptic-curves library allows attackers to cause denial-of-service by sending specially crafted SM2 encrypted mess...

A denial-of-service vulnerability exists in RustCrypto's SM2 public-key encryption implementation where untrusted ciphertext can trigger bounds-check ...

OpenAirInterface CN5G AMF versions up to v2.0.1 contain a logical error in JSON request processing that allows unauthenticated remote attackers to sen...

CVE-2025-15358 is a denial of service vulnerability in Delta Electronics DVP-12SE11T programmable logic controllers. Attackers can send specially craf...

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils f...

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils f...

A vulnerability in free5GC's LocalNode.Sess function allows attackers to send crafted PFCP Session Modification Requests with malicious Local SEID hea...

This vulnerability in Homarr allows privilege escalation and unauthorized access to other users' groups through crafted LDAP search queries due to ins...

A mail header parsing vulnerability in Apple operating systems allows attackers to cause persistent denial-of-service conditions. This affects users o...

This vulnerability in Microsoft Exchange Server allows authenticated attackers to elevate their privileges through improper input validation. Attacker...

This vulnerability in NETGEAR Nighthawk routers allows attackers on the WAN side to execute commands by manipulating DNS responses during speedtests. ...

An improper input validation vulnerability in Infinera MTC-9 allows remote unauthenticated attackers to send crafted XML payloads that crash the servi...

This vulnerability in Undertow allows remote attackers to cause denial of service by sending specially crafted large form data with application/x-www-...

This vulnerability in Ceph's RGW (RADOS Gateway) allows attackers to cause a denial-of-service by sending a specific S3 API request with an empty stri...

An improper input validation vulnerability in NETGEAR R6260 and R6850 routers allows unauthenticated attackers on the local network who can perform ma...

CVE-2025-59595 is a denial of service vulnerability in Secure Access versions before 14.12 where an attacker can send a specially crafted packet to cr...

This CVE describes a denial-of-service vulnerability in macOS that was addressed through improved input validation. Remote attackers could potentially...

CVE-2025-60938 is a remote code execution vulnerability in Emoncms 11.7.3 that allows authenticated users to execute arbitrary commands on the target ...

A vulnerability in Samsung Exynos processors' L2 layer incorrectly handles RLC AM PDUs, allowing attackers to cause denial of service. This affects Sa...

This vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing attacks over the network due to improper input valid...

A vulnerability in cel-rust allows attackers to cause denial of service by sending specially crafted CEL expressions. This affects systems using cel-r...

This vulnerability in Authlib allows remote attackers to craft malicious JWT tokens with extremely large header or signature segments, causing excessi...

CVE-2025-61582 is a denial-of-service vulnerability in TS3 Manager web interface versions 2.2.1 and earlier. Unauthenticated attackers can crash the a...

CVE-2025-56404 is an information disclosure vulnerability in MariaDB MCP 0.1.0 where the SSE (Server-Sent Events) service lacks user validation, allow...

E3 Site Supervisor Control firmware versions below 2.31F01 contain an API endpoint with insufficient input validation, allowing attackers to send craf...

CVE-2025-57810 is a denial-of-service vulnerability in jsPDF library where user-controlled input to the addImage method can cause high CPU utilization...

An improper input validation vulnerability in Schneider Electric devices allows attackers to cause denial of service by sending specially crafted FTP ...

A buffer overflow vulnerability in the SetupUtility module allows attackers with local privileged access to execute arbitrary code. This affects syste...