CWE-20: Improper Input Validation

A stack-based buffer overflow vulnerability in SiPass integrated server applications allows unauthenticated remote attackers to crash the server by se...

IBM Db2 databases running on Linux, UNIX, or Windows are vulnerable to denial of service attacks through specially crafted queries. Attackers can cras...

IBM Db2 databases running versions 10.5, 11.1, and 11.5 on Linux, UNIX, or Windows are vulnerable to denial of service attacks. Attackers can crash th...

This vulnerability allows attackers to exploit improper input validation in Qualcomm modem firmware when processing LTE security mode commands from ce...

This vulnerability in NVIDIA DGX A100/A800 systems allows attackers to exploit improper input validation in the SBIOS by providing configuration infor...

An improper input validation vulnerability in Juniper's Routing Protocol Daemon (rpd) allows unauthenticated attackers to cause BGP session flaps and ...

This vulnerability in Samsung Galaxy Store allows attackers to bypass scheme validation in InstantPlay Deeplink functionality, enabling them to execut...

A cross-site scripting (XSS) vulnerability in Samsung Galaxy Store's InstantPlay feature allows attackers to execute JavaScript that can trigger APK i...

CVE-2022-47391 is an improper input validation vulnerability in multiple CODESYS products that allows unauthorized remote attackers to read from inval...

This CVE describes an improper input validation vulnerability in Intel NUC Compute Element firmware that allows a privileged user to escalate privileg...

This CVE describes an improper input validation vulnerability in BIOS firmware for specific Intel NUC devices. A privileged user with local access cou...

This vulnerability in Intel NUC BIOS firmware allows a privileged user with local access to potentially escalate privileges through improper input val...

This AMD processor vulnerability allows insufficient input validation on the VM_HSAVE_PA register, potentially enabling attackers to compromise SEV-SN...

CVE-2023-29335 is a security feature bypass vulnerability in Microsoft Word that allows attackers to circumvent security protections and potentially e...

IBM DB2 databases on Linux, UNIX, and Windows can crash when compiling certain anonymous blocks, causing denial of service. This affects DB2 versions ...

This vulnerability in Drupal's form API allows attackers to bypass input validation on certain contributed or custom module forms. Attackers could inj...

This vulnerability in Laminas Diactoros allows attackers to cause denial of service or application errors by injecting newline characters in HTTP head...

CVE-2023-29780 is a denial-of-service vulnerability in Third Reality Smart Blind firmware that allows remote attackers to crash devices by sending mal...

This vulnerability in Microsoft Message Queuing (MSMQ) allows attackers to cause a denial of service by sending specially crafted packets to the servi...

This CVE describes an improper input validation vulnerability in Apache Airflow Spark Provider that could allow attackers to execute arbitrary code or...

This vulnerability in Generex UPS CS141 devices allows attackers to upload malicious firmware files containing incorrect configurations, disrupting no...

This vulnerability in Huawei's facial recognition module involves improper input validation (CWE-20), allowing attackers to disrupt facial recognition...

CVE-2022-47925 is an insufficient input validation vulnerability in the Secvisogram csaf-validator-service's JSON validation endpoint. Unauthenticated...

Dell BIOS contains an improper input validation vulnerability that allows local authenticated users with administrator privileges to execute arbitrary...

CVE-2023-27601 is a denial-of-service vulnerability in OpenSIPS where sending a malformed SDP body without proper line feed termination causes the ser...

CVE-2023-27597 is a segmentation fault vulnerability in OpenSIPS SIP server that causes denial of service when processing specially crafted SIP messag...

CVE-2023-27599 is a denial-of-service vulnerability in OpenSIPS SIP server where a malformed To header in a SIP message triggers an abort() call, caus...

This CVE describes an improper input validation vulnerability in Apache Airflow's Google Provider that could allow attackers to inject malicious param...

This vulnerability in Python's urllib.parse component allows attackers to bypass URL blocklisting mechanisms by using URLs that begin with blank chara...

This BIOS firmware vulnerability in certain Intel processors allows a privileged attacker with local access to potentially escalate privileges through...

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected wireless LAN (WLAN) hosts by sending specially crafted in...

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected Qualcomm WLAN Host systems by sending specially crafted f...

OpenZeppelin Contracts library versions 4.0.0 through 4.7.0 have a vulnerability where ERC165Checker.supportsInterface() may revert instead of returni...

A remote attacker can exploit improper input validation in SIMATIC eaSie Core Package to cause denial of service. This affects all versions before V22...

CVE-2022-31121 is a denial-of-service vulnerability in Hyperledger Fabric where a malicious consensus client can crash an orderer node by sending malf...

BigBlueButton web conferencing systems are vulnerable to regular expression denial of service (ReDoS) attacks through malicious User-Agent headers. At...

CVE-2020-26185 is a buffer over-read vulnerability in Dell BSAFE Micro Edition Suite that could allow attackers to read sensitive information from adj...

Dell BIOS contains an improper input validation vulnerability in System Management Mode (SMM). A local authenticated attacker can exploit this via Sys...

CVE-2022-22433 allows attackers to perform server-side request forgery (SSRF) attacks against IBM Robotic Process Automation. By exploiting improper i...

This vulnerability in YottaDB allows attackers to trigger a NULL pointer dereference by exploiting insufficient parameter validation in memory copy op...

This vulnerability in YottaDB allows attackers to crash applications by triggering a divide-by-zero error through improper input validation. It affect...

This vulnerability allows remote attackers to cause a denial of service by sending specially crafted HTTP requests to the cgiserver.cgi JSON command p...

This vulnerability allows remote attackers to cause a denial of service by sending specially crafted HTTP requests to the cgiserver.cgi JSON command p...

This vulnerability allows remote attackers to cause denial of service by sending specially crafted HTTP requests to the cgiserver.cgi JSON command par...

This vulnerability allows remote attackers to cause denial of service by sending specially crafted HTTP requests to the cgiserver.cgi JSON command par...

This vulnerability affects Siemens SCALANCE W1788 industrial wireless access points. An attacker can send specially crafted multicast LLC frames to ca...

This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP r...

This CVE describes an improper input validation vulnerability in multiple ABB industrial control system products. An attacker can send specially craft...

CVE-2021-44040 is an improper input validation vulnerability in Apache Traffic Server's request line parsing that allows attackers to send invalid req...

This vulnerability in Samba's DCE/RPC implementation allows attackers to bypass signature requirements by intercepting and modifying fragmented large ...