CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,465)
Jun 30, 2025: CVE-2025-53075 is a path traversal vulnerability in Samsung's rLottie animation library that allows attackers to read arbitrary files on the system. T...
Apr 2, 2025: CVE-2025-31477 is a critical vulnerability in Tauri's shell plugin that allows remote code execution. The open endpoint fails to properly validate all...
Mar 31, 2025: This CVE describes a critical input validation vulnerability in macOS that could allow attackers to execute arbitrary code or cause system crashes. It...
Feb 27, 2025: Infoblox NIOS has an improper input validation vulnerability that could allow attackers to execute arbitrary code or cause denial of service. This aff...
Jan 31, 2025: This vulnerability allows an existing PrivX user (account A) to impersonate another existing PrivX user (account B) by exploiting insufficient signatu...
Jan 8, 2025: CVE-2025-22137 is a critical file overwrite vulnerability in Pingvin Share that allows attackers to overwrite arbitrary files on the server via HTTP P...
Dec 11, 2024: An unauthenticated attacker can send specially crafted Modbus packets to Schneider Electric controllers, causing denial of service and potentially com...
Oct 21, 2024: CVE-2024-49368 is a critical command injection vulnerability in Nginx UI that allows attackers to execute arbitrary commands on the server. This affec...
Oct 8, 2024: This vulnerability in Livewire allows attackers to bypass file upload validation by uploading PHP files disguised as images. If the server stores uplo...
Oct 7, 2024: This vulnerability allows memory corruption when log files are redirected to arbitrary file locations with arbitrary names. It affects systems using Q...
Sep 19, 2024: CVE-2024-46946 is a critical remote code execution vulnerability in LangChain Experimental's LLMSymbolicMathChain component. Attackers can execute arb...
Sep 4, 2024: This vulnerability allows remote attackers to execute arbitrary code on Vypor Attack API System v1.0 servers by manipulating the user GET parameter. A...
Sep 3, 2024: This vulnerability allows remote attackers to execute arbitrary commands on servers running Pi Camera version 1.0 by sending malicious input to the 'p...
Aug 26, 2024: This CVE describes a command injection vulnerability in Hillstone Networks Web Application Firewall that allows attackers to execute arbitrary command...
Aug 25, 2024: The req package for Go before version 3.43.4 may send unintended HTTP requests when provided with malformed URLs due to a 'garbage in, garbage out' de...
Aug 23, 2024: This vulnerability allows unauthenticated attackers to potentially access live video streams from Ezviz Internet PT Camera CS-CV246 D15655150 by craft...
Aug 2, 2024: Neat VNC before version 0.8.1 fails to properly validate the security type during connection establishment, allowing attackers to bypass authenticatio...
Jul 26, 2024: This vulnerability allows remote code execution in streamlit-geospatial applications by exploiting unsafe eval() usage with user-controlled input. Att...
Jul 26, 2024: CVE-2024-41119 is a critical remote code execution vulnerability in streamlit-geospatial where user-controlled input is passed to the eval() function ...
Jul 26, 2024: This vulnerability in streamlit-geospatial allows remote code execution via unsafe eval() usage with user-controlled input. Attackers can execute arbi...
Jul 26, 2024: This vulnerability in streamlit-geospatial allows remote code execution through unsafe use of the eval() function with user-controlled input. Attacker...
Jun 25, 2024: A SQL injection vulnerability in Fortra FileCatalyst Workflow allows attackers to modify application data, potentially creating administrative users o...
Jun 25, 2024: CVE-2024-5988 is a critical remote code execution vulnerability in Rockwell Automation ThinManager ThinServer. Unauthenticated attackers can send mali...
Jun 5, 2024: CVE-2024-5171 is an integer overflow vulnerability in libaom's image allocation functions that can lead to heap buffer overflow when processing large ...
May 31, 2024: This vulnerability in Moodle's MFA system allows attackers to bypass multi-factor authentication by manipulating the referrer URL. It affects Moodle i...
May 16, 2024: This SQL injection vulnerability in Rockwell Automation FactoryTalk View SE Datalog function allows attackers to execute malicious SQL statements if d...
May 6, 2024: An unauthenticated SQL injection vulnerability in Delta Electronics DIAEnergie allows remote attackers to execute arbitrary SQL commands via specially...
Apr 1, 2024: This vulnerability allows memory corruption when redirecting log files to arbitrary locations with arbitrary filenames in Qualcomm components. It affe...
Mar 12, 2024: CVE-2024-25995 allows unauthenticated remote attackers to execute arbitrary code with root privileges or cause denial of service by exploiting imprope...
Mar 4, 2024: CVE-2024-20017 is a critical vulnerability in MediaTek Wi-Fi chipsets that allows remote code execution without authentication or user interaction. An...
Feb 15, 2024: Dell Networking Switches running vulnerable Enterprise SONiC versions contain an improper input validation vulnerability that allows remote unauthenti...
Feb 13, 2024: CVE-2024-21413 is a critical remote code execution vulnerability in Microsoft Outlook that allows attackers to execute arbitrary code by tricking user...
Dec 11, 2023: CVE-2023-48425 is a critical vulnerability in U-Boot bootloader that allows persistent code execution by bypassing secure boot protections. This affec...
Oct 5, 2023: Dell SmartFabric Storage Software versions 1.3 and lower contain an improper input validation vulnerability that allows remote unauthenticated attacke...
Oct 4, 2023: CVE-2023-36619 allows unauthenticated remote attackers to execute administrative scripts on Atos Unify OpenScape Session Border Controller systems. Th...
Oct 4, 2023: CVE-2023-22515 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows unauthenticated attackers to create administrato...
Sep 5, 2023: This vulnerability in Apache Axis 1.x allows attackers to pass untrusted input to ServiceFactory.getService, which can trigger dangerous lookup mechan...
Aug 31, 2023: CVE-2023-41746 is a critical remote command execution vulnerability in Acronis Cloud Manager for Windows due to improper input validation. Attackers c...
Aug 31, 2023: This vulnerability allows remote attackers to execute arbitrary commands on affected Acronis Cloud Manager installations due to improper input validat...
Aug 17, 2023: CVE-2023-2917 is a critical path traversal vulnerability in Rockwell Automation ThinManager Thinserver that allows unauthenticated remote attackers to...
Aug 13, 2023: This vulnerability allows out-of-bounds read/write operations in the Wi-Fi module, potentially enabling privilege escalation attacks. Successful explo...
Aug 8, 2023: CVE-2023-39532 is a critical vulnerability in SES (Secure ECMAScript) that allows guest programs running in Compartments to bypass confinement and acc...
Jul 11, 2023: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) without authe...
Jul 11, 2023: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the Routing and Remote Access Service (RRAS) without a...
Jul 11, 2023: This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft Message Queuing (MSMQ) by sending specially crafted ...
Jul 3, 2023: This vulnerability allows attackers to bypass security checks and achieve remote code execution (RCE) in Apache Airflow Hive Provider by exploiting im...
Jul 1, 2023: CVE-2023-28324 is an improper input validation vulnerability in Ivanti Endpoint Manager that could allow attackers to escalate privileges or execute a...
May 30, 2023: CVE-2023-34152 is a critical remote code execution vulnerability in ImageMagick's OpenBlob function when compiled with --enable-pipes configuration. A...
May 26, 2023: CVE-2023-32321 is a critical vulnerability in CKAN data management systems that allows authenticated users to write arbitrary files and achieve remote...
May 15, 2023: This vulnerability in Apache Sling Commons JSON allows attackers to cause denial of service or potentially execute arbitrary code by sending specially...
About Improper Input Validation (CWE-20)
Our database tracks 1,465 CVEs classified as CWE-20, with 249 rated critical and 890 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.
External reference: CWE-20 on MITRE CWE.