CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,553
Critical: 278
High: 949
Avg CVSS: 7.7
In CISA KEV: 5

Yearly Trend

2026: 145
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 104
2 Google 80
3 Intel 60
4 Cisco 45
5 Qualcomm 44
6 Apache 44
7 Adobe 42
8 Huawei 40
9 Color 40
10 Reolink 36

All Improper Input Validation CVEs (1,553)

CVE-2025-26781
7.5

A vulnerability in Samsung Exynos processors' L2 layer incorrectly handles RLC AM PDUs, allowing attackers to cause denial of service. This affects Sa...

Oct 20, 2025
CVE-2025-59248
7.5

This vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing attacks over the network due to improper input valid...

Oct 14, 2025
CVE-2025-62162
7.5

A vulnerability in cel-rust allows attackers to cause denial of service by sending specially crafted CEL expressions. This affects systems using cel-r...

Oct 10, 2025
CVE-2025-61920
7.5

This vulnerability in Authlib allows remote attackers to craft malicious JWT tokens with extremely large header or signature segments, causing excessi...

Oct 10, 2025
CVE-2025-61582
7.5

CVE-2025-61582 is a denial-of-service vulnerability in TS3 Manager web interface versions 2.2.1 and earlier. Unauthenticated attackers can crash the a...

Oct 1, 2025
CVE-2025-56404
7.5

CVE-2025-56404 is an information disclosure vulnerability in MariaDB MCP 0.1.0 where the SSE (Server-Sent Events) service lacks user validation, allow...

Sep 10, 2025
CVE-2025-52547
7.5

E3 Site Supervisor Control firmware versions below 2.31F01 contain an API endpoint with insufficient input validation, allowing attackers to send craf...

Sep 2, 2025
CVE-2025-57810
7.5

CVE-2025-57810 is a denial-of-service vulnerability in jsPDF library where user-controlled input to the addImage method can cause high CPU utilization...

Aug 26, 2025
CVE-2025-6625
7.5

An improper input validation vulnerability in Schneider Electric devices allows attackers to cause denial of service by sending specially crafted FTP ...

Aug 18, 2025
CVE-2025-4410
7.5

A buffer overflow vulnerability in the SetupUtility module allows attackers with local privileged access to execute arbitrary code. This affects syste...

Aug 13, 2025
CVE-2025-4276
7.5

This vulnerability in UsbCoreDxe allows attackers to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level, potentially bypassin...

Aug 13, 2025
CVE-2025-49554
7.5

Adobe Commerce has an improper input validation vulnerability (CWE-20) that allows unauthenticated attackers to cause denial-of-service by sending spe...

Aug 12, 2025
CVE-2025-21086
7.5

This vulnerability in Intel 700 Series Ethernet drivers allows authenticated users to escalate privileges through improper input validation. It affect...

Aug 12, 2025
CVE-2025-21477
7.5

This vulnerability allows attackers to cause a Denial of Service (DoS) condition in affected Qualcomm systems by sending specially crafted CCCH data w...

Aug 6, 2025
CVE-2025-27211
7.5

CVE-2025-27211 is an improper input validation vulnerability in EdgeMAX EdgeSwitch that allows command injection via adjacent network access. Attacker...

Aug 4, 2025
CVE-2025-50492
7.5

This vulnerability allows attackers to hijack user sessions in PHPGurukul e-Diary Management System by exploiting improper session invalidation during...

Jul 28, 2025
CVE-2025-50489
7.5

This vulnerability allows attackers to hijack user sessions in PHPGurukul Student Result Management System v2.0 by exploiting improper session invalid...

Jul 28, 2025
CVE-2025-50490
7.5

This vulnerability allows attackers to hijack user sessions in PHPGurukul Student Result Management System by exploiting improper session invalidation...

Jul 28, 2025
CVE-2025-50494
7.5

This vulnerability allows attackers to hijack user sessions in PHPGurukul Car Washing Management System v1.0 by exploiting improper session invalidati...

Jul 28, 2025
CVE-2025-54365
7.5

CVE-2025-54365 is a regular expression denial-of-service (ReDoS) vulnerability in fastapi-guard version 3.0.1 where the patch limiting string length f...

Jul 23, 2025
CVE-2024-42516
7.5

This HTTP response splitting vulnerability in Apache HTTP Server allows attackers to manipulate Content-Type headers to split HTTP responses, potentia...

Jul 10, 2025
CVE-2025-26780
7.5

A missing length check in Samsung Exynos 2400 and Modem 5400 chips allows attackers to cause denial of service via malformed PDCP packets. This affect...

Jul 7, 2025
CVE-2025-6709
7.5

MongoDB Server is vulnerable to denial of service when processing specific date values in JSON input during OIDC authentication. An attacker can crash...

Jun 26, 2025
CVE-2025-52894
7.5

OpenBao before version 2.3.0 allows unauthenticated attackers to cancel root rekey and recovery rekey operations, causing denial of service. This affe...

Jun 25, 2025
CVE-2024-55567
7.5

This vulnerability allows attackers to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level due to improper input validation in...

Jun 12, 2025
CVE-2021-25255
7.5

This vulnerability in Yandex Browser Lite for Android allows remote attackers to cause a denial of service (crash) by sending specially crafted conten...

May 21, 2025
CVE-2025-24308
7.5

This vulnerability allows a privileged user with local access to Intel Server D50DNP and M50FCP systems to potentially escalate privileges through imp...

May 13, 2025
CVE-2025-21094
7.5

This vulnerability allows a privileged user with local access to Intel Server D50DNP and M50FCP boards to potentially escalate privileges through impr...

May 13, 2025
CVE-2025-31240
7.5

A vulnerability in macOS AFP network share mounting allows attackers to cause system termination (kernel panic) by tricking users into connecting to m...

May 12, 2025
CVE-2025-26413
7.5

An improper input validation vulnerability in Apache Kvrocks allows attackers to crash the server by sending a negative offset value to the SETRANGE c...

Apr 22, 2025
CVE-2025-29784
7.5

NamelessMC versions 2.1.4 and earlier have a vulnerability in forum search functionality where the 's' parameter in GET requests lacks length validati...

Apr 18, 2025
CVE-2024-37917
7.5

CVE-2024-37917 is an improper input validation vulnerability in Pexip Infinity video conferencing software that allows remote attackers to cause a den...

Apr 2, 2025
CVE-2025-30471
7.5

A validation logic vulnerability in multiple Apple operating systems allows remote attackers to cause denial-of-service conditions. This affects users...

Mar 31, 2025
CVE-2023-0881
7.5

This vulnerability allows attackers to cause a kernel crash (denial of service) by launching DDoS attacks against TCP port 22 (SSH) on affected system...

Mar 31, 2025
CVE-2024-13681
7.5

The Uncode WordPress theme contains an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on the server. This af...

Feb 18, 2025
CVE-2024-28127
7.5

This UEFI firmware vulnerability in certain Intel processors allows privileged local attackers to bypass security controls and gain higher system priv...

Feb 12, 2025
CVE-2024-29214
7.5

This vulnerability allows a privileged user (like an administrator) to potentially escalate privileges through improper input validation in UEFI firmw...

Feb 12, 2025
CVE-2024-24582
7.5

This vulnerability allows a privileged user to escalate privileges via local access due to improper input validation in the XmlCli feature of UEFI fir...

Feb 12, 2025
CVE-2023-34440
7.5

This UEFI firmware vulnerability in certain Intel processors allows a privileged attacker with local access to potentially escalate privileges by expl...

Feb 12, 2025
CVE-2023-49615
7.5

This vulnerability allows a privileged user with local access to potentially escalate privileges through improper input validation in Intel System Sec...

Feb 12, 2025
CVE-2024-0112
7.5

This vulnerability in NVIDIA Jetson AGX Orin and IGX Orin software allows attackers to escalate permissions through improper input validation. Success...

Feb 12, 2025
CVE-2025-21230
7.5

Microsoft Message Queuing (MSMQ) contains a vulnerability that allows attackers to cause a denial of service condition by sending specially crafted pa...

Jan 14, 2025
CVE-2021-22484
7.5

This vulnerability in Huawei wearables allows attackers to cause server out-of-memory conditions by sending specially crafted data that exceeds expect...

Dec 28, 2024
CVE-2022-34159
7.5

Huawei printers have an input validation vulnerability that allows attackers to send specially crafted input to cause service exceptions. This affects...

Dec 20, 2024
CVE-2024-47238
7.5

This vulnerability allows a high-privileged attacker with local access to execute arbitrary code on Dell systems due to improper input validation in a...

Dec 12, 2024
CVE-2024-52802
7.5

This vulnerability in RIOT OS allows attackers to trigger out-of-bounds memory reads by sending malformed DHCPv6 packets to IoT devices. The lack of h...

Nov 22, 2024
CVE-2022-2232
7.5

CVE-2022-2232 is an LDAP injection vulnerability in Keycloak that allows attackers to manipulate LDAP queries during username lookups. This can enable...

Nov 14, 2024
CVE-2024-50305
7.5

A vulnerability in Apache Traffic Server allows a specially crafted Host header to cause a denial-of-service crash. This affects Apache Traffic Server...

Nov 14, 2024
CVE-2024-38479
7.5

Apache Traffic Server has an improper input validation vulnerability (CWE-20) that could allow attackers to cause denial of service or potentially exe...

Nov 14, 2024
CVE-2024-41167
7.5

This CVE describes an improper input validation vulnerability in UEFI firmware on specific Intel server boards. A privileged user with local access co...

Nov 13, 2024

About Improper Input Validation (CWE-20)

Our database tracks 1,553 CVEs classified as CWE-20, with 278 rated critical and 949 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.

External reference: View CWE-20 on MITRE CWE →
