CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,566
Critical: 280
High: 960
Avg CVSS: 7.7
In CISA KEV: 5

Yearly Trend

2026: 145
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 104
2 Google 81
3 Intel 60
4 Cisco 45
5 Qualcomm 44
6 Apache 44
7 Adobe 42
8 Huawei 40
9 Color 40
10 Apple 38

All Improper Input Validation CVEs (1,566)

CVE-2024-47238
7.5

This vulnerability allows a high-privileged attacker with local access to execute arbitrary code on Dell systems due to improper input validation in a...

Dec 12, 2024
CVE-2024-52802
7.5

This vulnerability in RIOT OS allows attackers to trigger out-of-bounds memory reads by sending malformed DHCPv6 packets to IoT devices. The lack of h...

Nov 22, 2024
CVE-2022-2232
7.5

CVE-2022-2232 is an LDAP injection vulnerability in Keycloak that allows attackers to manipulate LDAP queries during username lookups. This can enable...

Nov 14, 2024
CVE-2024-50305
7.5

A vulnerability in Apache Traffic Server allows a specially crafted Host header to cause a denial-of-service crash. This affects Apache Traffic Server...

Nov 14, 2024
CVE-2024-38479
7.5

Apache Traffic Server has an improper input validation vulnerability (CWE-20) that could allow attackers to cause denial of service or potentially exe...

Nov 14, 2024
CVE-2024-41167
7.5

This CVE describes an improper input validation vulnerability in UEFI firmware on specific Intel server boards. A privileged user with local access co...

Nov 13, 2024
CVE-2024-31154
7.5

This CVE describes an improper input validation vulnerability in UEFI firmware for specific Intel server platforms. A privileged user with local acces...

Nov 13, 2024
CVE-2024-28028
7.5

An improper input validation vulnerability in Intel Neural Compressor software allows unauthenticated attackers on adjacent networks to potentially es...

Nov 13, 2024
CVE-2024-49033
7.5

This vulnerability allows attackers to bypass security features in Microsoft Word, potentially enabling them to execute malicious code or access restr...

Nov 12, 2024
CVE-2023-1973
7.5

This vulnerability in Undertow's FormAuthenticationMechanism allows attackers to cause denial of service by sending specially crafted requests that tr...

Nov 7, 2024
CVE-2024-20484
7.5

An unauthenticated remote attacker can send crafted MR PIM traffic to Cisco Enterprise Chat and Email (ECE) to trigger a denial of service in the Exte...

Nov 6, 2024
CVE-2024-45802
7.5

This vulnerability in Squid proxy allows trusted servers to cause denial of service against all clients using the proxy through resource management fl...

Oct 28, 2024
CVE-2024-37406
7.5

This vulnerability in Brave Android browsers displays domain names in the Brave Shields popup with right-side truncation instead of left-side truncati...

Sep 18, 2024
CVE-2024-45601
7.5

This vulnerability in the Mesop Python UI framework allows attackers to access unauthorized files on the server through insufficient input validation ...

Sep 18, 2024
CVE-2024-21871
7.5

This UEFI firmware vulnerability in certain Intel processors allows a privileged user to escalate privileges through improper input validation. Attack...

Sep 16, 2024
CVE-2024-6077
7.5

A denial-of-service vulnerability in Rockwell Automation products allows attackers to send specially crafted packets to the CIP Security Object, causi...

Sep 12, 2024
CVE-2024-45236
7.5

This vulnerability in FORT RPKI validator allows a malicious RPKI repository to crash the software by serving a signed object with an empty signedAttr...

Aug 24, 2024
CVE-2024-34163
7.5

This vulnerability in Intel NUC firmware allows a privileged user with local access to potentially escalate privileges through improper input validati...

Aug 14, 2024
CVE-2024-6973
7.5

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable versions of the Cato SDP client by sending ...

Jul 31, 2024
CVE-2024-38095
7.5

This vulnerability in .NET and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests to affected systems. ...

Jul 9, 2024
CVE-2024-35227
7.5

This vulnerability in Discourse allows attackers to reduce availability through a denial-of-service attack by exploiting improper input validation in ...

Jul 3, 2024
CVE-2024-39573
7.5

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_rewrite module. Attackers can exploit unsafe Rewrite...

Jul 1, 2024
CVE-2024-38525
7.5

This vulnerability in dd-trace-cpp causes a crash when the library encounters malformed unicode while extracting trace context, due to an uncaught exc...

Jun 28, 2024
CVE-2024-5990
7.5

CVE-2024-5990 is an improper input validation vulnerability in Rockwell Automation ThinServer™ that allows unauthenticated attackers to send malicio...

Jun 25, 2024
CVE-2024-6239
7.5

A vulnerability in Poppler's Pdfinfo utility allows attackers to cause denial of service by crashing the application when using the -dests parameter w...

Jun 21, 2024
CVE-2024-37794
7.5

CVE-2024-37794 is an improper input validation vulnerability in CVC5 Solver v1.1.3 that allows attackers to cause a Denial of Service (DoS) via a craf...

Jun 17, 2024
CVE-2024-32860
7.5

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Jun 13, 2024
CVE-2024-32858
7.5

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Jun 13, 2024
CVE-2024-36471
7.5

This CVE describes a DNS rebinding vulnerability in Apache Allura's import functionality. Attackers can trick project administrators into importing ma...

Jun 10, 2024
CVE-2024-36734
7.5

This vulnerability in OneFlow v0.9.1 allows attackers to cause Denial of Service (DoS) by sending negative values to the dim parameter. The improper i...

Jun 6, 2024
CVE-2024-34009
7.5

This vulnerability allows attackers to bypass ReCAPTCHA protection on the login page of affected systems, potentially enabling brute-force attacks or ...

May 31, 2024
CVE-2024-3584
7.5

CVE-2024-3584 is a path traversal vulnerability in qdrant/qdrant version 1.9.0-dev that allows attackers to write arbitrary files to any location on t...

May 30, 2024
CVE-2024-3657
7.5

A vulnerability in 389-ds-base allows attackers to cause denial of service through specially crafted LDAP queries. This affects systems running vulner...

May 28, 2024
CVE-2024-22429
7.5

Dell BIOS contains an improper input validation vulnerability that allows a local authenticated malicious user with admin privileges to execute arbitr...

May 17, 2024
CVE-2024-22382
7.5

This vulnerability allows a privileged user to escalate privileges via local access due to improper input validation in the PprRequestLog module of UE...

May 16, 2024
CVE-2024-4321
7.5

A Local File Inclusion vulnerability in gaizhenbiao/chuanhuchatgpt version 20240310 allows attackers to read arbitrary files on the server by manipula...

May 16, 2024
CVE-2024-3676
7.5

An unauthenticated remote attacker can exploit improper input validation in Proofpoint Enterprise Protection's Encryption endpoint to create unauthori...

May 14, 2024
CVE-2024-3372
7.5

CVE-2024-3372 is an improper input validation vulnerability in MongoDB Server that allows pre-authentication attackers to send malformed metadata caus...

May 14, 2024
CVE-2024-25581
7.5

This vulnerability allows an attacker to cause a denial of service in DNSdist by sending a DNS zone transfer request (AXFR/IXFR) over DNS over HTTPS w...

May 14, 2024
CVE-2024-1929
7.5

This vulnerability in dnf5daemon-server allows local unprivileged users to achieve root privileges by manipulating configuration dictionaries passed t...

May 8, 2024
CVE-2023-40515
7.5

This vulnerability allows remote attackers to cause a denial-of-service condition on LG Simple Editor installations without requiring authentication. ...

May 3, 2024
CVE-2024-25583
7.5

This vulnerability in PowerDNS Recursor allows a malicious upstream DNS server to send crafted responses that cause a denial of service. Only systems ...

Apr 25, 2024
CVE-2024-31841
7.5

CVE-2024-31841 is an input validation vulnerability in Italtel Embrace 1.6.4 web server that allows remote unauthenticated attackers to read arbitrary...

Apr 19, 2024
CVE-2023-52552
7.5

This CVE describes an input verification vulnerability in the power module of Huawei devices running HarmonyOS. Successful exploitation could allow at...

Apr 8, 2024
CVE-2023-33099
7.5

This vulnerability allows a denial-of-service (DoS) attack on 5G NR (New Radio) devices by sending specially crafted SMS messages with non-standard co...

Apr 1, 2024
CVE-2024-2425
7.5

A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the web server through improper input validati...

Mar 25, 2024
CVE-2024-2427
7.5

A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the device by sending multiple data packets re...

Mar 25, 2024
CVE-2024-24549
7.5

This vulnerability in Apache Tomcat allows denial-of-service attacks via HTTP/2 requests. Attackers can send specially crafted HTTP/2 requests that ex...

Mar 13, 2024
CVE-2023-33103
7.5

This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing CAG (Closed Access Group) information elements from network ...

Mar 4, 2024
CVE-2024-25016
7.5

This vulnerability in IBM MQ and IBM MQ Appliance allows a remote unauthenticated attacker to cause a denial of service due to incorrect buffering log...

Mar 3, 2024

About Improper Input Validation (CWE-20)

Our database tracks 1,566 CVEs classified as CWE-20, with 280 rated critical and 960 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.

External reference: CWE-20 on MITRE CWE
