CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,615
Critical: 307
High: 982
Avg CVSS: 7.7
In CISA KEV: 5

Yearly Trend

2026: 145
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 104
2 Google 81
3 Cisco 61
4 Intel 60
5 Qualcomm 48
6 Apache 46
7 Adobe 42
8 Huawei 40
9 Apple 40
10 Color 40

All Improper Input Validation CVEs (1,615)

CVE-2024-6077
7.5

A denial-of-service vulnerability in Rockwell Automation products allows attackers to send specially crafted packets to the CIP Security Object, causi...

Sep 12, 2024
CVE-2024-45236
7.5

This vulnerability in FORT RPKI validator allows a malicious RPKI repository to crash the software by serving a signed object with an empty signedAttr...

Aug 24, 2024
CVE-2024-34163
7.5

This vulnerability in Intel NUC firmware allows a privileged user with local access to potentially escalate privileges through improper input validati...

Aug 14, 2024
CVE-2024-6973
7.5

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable versions of the Cato SDP client by sending ...

Jul 31, 2024
CVE-2024-38095
7.5

This vulnerability in .NET and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests to affected systems. ...

Jul 9, 2024
CVE-2024-35227
7.5

This vulnerability in Discourse allows attackers to reduce availability through a denial-of-service attack by exploiting improper input validation in ...

Jul 3, 2024
CVE-2024-39573
7.5

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_rewrite module. Attackers can exploit unsafe Rewrite...

Jul 1, 2024
CVE-2024-38525
7.5

This vulnerability in dd-trace-cpp causes a crash when the library encounters malformed unicode while extracting trace context, due to an uncaught exc...

Jun 28, 2024
CVE-2024-5990
7.5

CVE-2024-5990 is an improper input validation vulnerability in Rockwell Automation ThinServer™ that allows unauthenticated attackers to send malicio...

Jun 25, 2024
CVE-2024-6239
7.5

A vulnerability in Poppler's Pdfinfo utility allows attackers to cause denial of service by crashing the application when using the -dests parameter w...

Jun 21, 2024
CVE-2024-37794
7.5

CVE-2024-37794 is an improper input validation vulnerability in CVC5 Solver v1.1.3 that allows attackers to cause a Denial of Service (DoS) via a craf...

Jun 17, 2024
CVE-2024-32860
7.5

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Jun 13, 2024
CVE-2024-32858
7.5

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Jun 13, 2024
CVE-2024-36471
7.5

This CVE describes a DNS rebinding vulnerability in Apache Allura's import functionality. Attackers can trick project administrators into importing ma...

Jun 10, 2024
CVE-2024-36734
7.5

This vulnerability in OneFlow v0.9.1 allows attackers to cause Denial of Service (DoS) by sending negative values to the dim parameter. The improper i...

Jun 6, 2024
CVE-2024-34009
7.5

This vulnerability allows attackers to bypass ReCAPTCHA protection on the login page of affected systems, potentially enabling brute-force attacks or ...

May 31, 2024
CVE-2024-3584
7.5

CVE-2024-3584 is a path traversal vulnerability in qdrant/qdrant version 1.9.0-dev that allows attackers to write arbitrary files to any location on t...

May 30, 2024
CVE-2024-3657
7.5

A vulnerability in 389-ds-base allows attackers to cause denial of service through specially crafted LDAP queries. This affects systems running vulner...

May 28, 2024
CVE-2024-22429
7.5

Dell BIOS contains an improper input validation vulnerability that allows a local authenticated malicious user with admin privileges to execute arbitr...

May 17, 2024
CVE-2024-22382
7.5

This vulnerability allows a privileged user to escalate privileges via local access due to improper input validation in the PprRequestLog module of UE...

May 16, 2024
CVE-2024-4321
7.5

A Local File Inclusion vulnerability in gaizhenbiao/chuanhuchatgpt version 20240310 allows attackers to read arbitrary files on the server by manipula...

May 16, 2024
CVE-2024-3676
7.5

An unauthenticated remote attacker can exploit improper input validation in Proofpoint Enterprise Protection's Encryption endpoint to create unauthori...

May 14, 2024
CVE-2024-3372
7.5

CVE-2024-3372 is an improper input validation vulnerability in MongoDB Server that allows pre-authentication attackers to send malformed metadata caus...

May 14, 2024
CVE-2024-25581
7.5

This vulnerability allows an attacker to cause a denial of service in DNSdist by sending a DNS zone transfer request (AXFR/IXFR) over DNS over HTTPS w...

May 14, 2024
CVE-2024-1929
7.5

This vulnerability in dnf5daemon-server allows local unprivileged users to achieve root privileges by manipulating configuration dictionaries passed t...

May 8, 2024
CVE-2023-40515
7.5

This vulnerability allows remote attackers to cause a denial-of-service condition on LG Simple Editor installations without requiring authentication. ...

May 3, 2024
CVE-2024-25583
7.5

This vulnerability in PowerDNS Recursor allows a malicious upstream DNS server to send crafted responses that cause a denial of service. Only systems ...

Apr 25, 2024
CVE-2024-31841
7.5

CVE-2024-31841 is an input validation vulnerability in Italtel Embrace 1.6.4 web server that allows remote unauthenticated attackers to read arbitrary...

Apr 19, 2024
CVE-2023-52552
7.5

This CVE describes an input verification vulnerability in the power module of Huawei devices running HarmonyOS. Successful exploitation could allow at...

Apr 8, 2024
CVE-2023-33099
7.5

This vulnerability allows a denial-of-service (DoS) attack on 5G NR (New Radio) devices by sending specially crafted SMS messages with non-standard co...

Apr 1, 2024
CVE-2024-2425
7.5

A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the web server through improper input validati...

Mar 25, 2024
CVE-2024-2427
7.5

A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the device by sending multiple data packets re...

Mar 25, 2024
CVE-2024-24549
7.5

This vulnerability in Apache Tomcat allows denial-of-service attacks via HTTP/2 requests. Attackers can send specially crafted HTTP/2 requests that ex...

Mar 13, 2024
CVE-2023-33103
7.5

This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing CAG (Closed Access Group) information elements from network ...

Mar 4, 2024
CVE-2024-25016
7.5

This vulnerability in IBM MQ and IBM MQ Appliance allows a remote unauthenticated attacker to cause a denial of service due to incorrect buffering log...

Mar 3, 2024
CVE-2023-52372
7.5

This CVE describes an input validation vulnerability in the motor module of Huawei/HarmonyOS devices. Attackers can exploit this flaw to cause denial-...

Feb 18, 2024
CVE-2023-47355
7.5

This vulnerability in the Quick Reboot Android app allows unauthorized apps to send broadcast intents that trigger device power actions without user c...

Feb 5, 2024
CVE-2024-20003
7.5

This vulnerability in MediaTek modem firmware allows remote denial of service through improper input validation. Attackers can send specially crafted ...

Feb 5, 2024
CVE-2023-4550
7.5

CVE-2023-4550 is an improper input validation vulnerability in OpenText AppBuilder that allows unauthenticated or authenticated users to read arbitrar...

Jan 29, 2024
CVE-2024-23641
7.5

SvelteKit 2 applications crash when receiving GET or TRACE requests with a body, requiring manual restart. This affects SvelteKit 2 apps in preview or...

Jan 24, 2024
CVE-2024-23678
7.5

This vulnerability in Splunk Enterprise for Windows allows unsafe deserialization of untrusted data from separate disk partitions due to improper path...

Jan 22, 2024
CVE-2023-42766
7.5

This vulnerability allows a privileged user with local access to Intel NUC 8 Compute Element devices to potentially escalate privileges through improp...

Jan 19, 2024
CVE-2023-38587
7.5

This vulnerability in Intel NUC BIOS firmware allows a privileged user with local access to potentially escalate privileges through improper input val...

Jan 19, 2024
CVE-2023-28738
7.5

This vulnerability allows a privileged user with local access to potentially escalate privileges on affected Intel NUC systems due to improper input v...

Jan 19, 2024
CVE-2023-29495
7.5

This vulnerability in Intel NUC BIOS firmware allows a privileged user with local access to potentially escalate privileges through improper input val...

Jan 19, 2024
CVE-2023-31035
7.5

This vulnerability in NVIDIA DGX A100 SBIOS allows attackers to trigger SMI callouts that could execute arbitrary code at the System Management Mode (...

Jan 12, 2024
CVE-2023-49568
7.5

A denial-of-service vulnerability in go-git versions before v5.11 allows attackers to crash go-git clients by sending specially crafted responses from...

Jan 12, 2024
CVE-2024-21312
7.5

This CVE describes a denial of service vulnerability in the .NET Framework where improper input validation allows attackers to crash applications. It ...

Jan 9, 2024
CVE-2023-50256
7.5

This vulnerability in Froxlor server administration software allows attackers to bypass mandatory field validation during user registration by submitt...

Jan 3, 2024
CVE-2023-32890
7.5

This vulnerability in MediaTek modem EMM (Evolved Packet System Mobility Management) allows remote attackers to cause a system crash via improper inpu...

Jan 2, 2024

About Improper Input Validation (CWE-20)

Our database tracks 1,615 CVEs classified as CWE-20, with 307 rated critical and 982 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.
