CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,648)
This vulnerability allows unauthenticated remote attackers to bypass email content filters on Cisco Email Security Appliances by sending specially cra... (Sep 23, 2020)
This vulnerability in Laravel allows attackers to bypass mass assignment protection by manipulating table names in database queries, potentially savin... (Sep 4, 2020)
An unauthenticated remote attacker can send a specially crafted type 8 message to Trading Technologies Messaging service on TCP port 10200, causing th... (Sep 2, 2020)
This vulnerability in LG mobile devices allows attackers to cause a service crash through incorrect input validation. It affects LG devices running An... (Aug 31, 2020)
This vulnerability in LG mobile devices with specific Android versions allows application crashes due to incorrect input validation at the application... (Aug 31, 2020)
IBM Spectrum Protect 7.1 and 8.1 contains an input validation vulnerability that allows attackers to cause denial of service by sending specially craf... (Aug 28, 2020)
HashiCorp vault-ssh-helper versions up to 0.1.6 incorrectly accept Vault-issued SSH OTPs for an entire subnet rather than a specific IP address, allow... (Aug 20, 2020)
This vulnerability in Nim's standard library httpClient allows malicious servers to provide negative Content-Length values, which the client fails to ... (Aug 14, 2020)
This vulnerability allows attackers to modify project configuration files in Schneider Electric's Easergy Builder software due to improper input valid... (Jul 23, 2020)
This vulnerability allows unauthenticated remote attackers to cause denial-of-service on C-MORE HMI EA9 touch screen panels by sending specially craft... (Jul 23, 2020)
This vulnerability in Huawei SIP modules allows remote attackers to cause denial of service by sending specially crafted SIP messages. Successful expl... (Jul 8, 2020)
CVE-2020-15503 is an integer overflow vulnerability in LibRaw's thumbnail processing code that allows attackers to cause heap-based buffer overflows b... (Jul 2, 2020)
This CVE-2019-11253 vulnerability in Kubernetes allows authorized users to send malicious YAML or JSON payloads to the API server, causing excessive C... (Oct 17, 2019)
This vulnerability in EVerest EV charging software allows attackers to cause denial of service by triggering assertion failures that crash individual ... (Jan 21, 2026)
An unauthenticated adjacent attacker can send a malformed DHCP packet to crash the Juniper DHCP daemon (jdhcpd) when dhcp-security is enabled, causing... (Apr 9, 2025)
An unauthenticated adjacent attacker can crash the ppp_ma process on Cisco ASR 9000 routers running IOS XR with BNG and PPPoE termination, causing den... (Mar 13, 2024)
This vulnerability in Cisco IOS XR Software allows an unauthenticated attacker on the same network segment to send specially crafted Ethernet frames t... (Mar 13, 2024)
This vulnerability in Hitron Systems DVR HVR-16781 allows attackers to perform network attacks when default admin credentials are used. The improper i... (Jan 23, 2024)
This vulnerability in Hitron Systems DVR devices allows attackers to perform network attacks when default admin credentials are used. It affects Hitro... (Jan 23, 2024)
This vulnerability in Hitron Systems DVR HVR-4781 allows attackers to perform network attacks when the device uses default admin credentials. The impr... (Jan 23, 2024)
This vulnerability involves weak configuration in Automotive systems when a Virtual Machine (VM) processes listener requests from the Trusted Executio... (Oct 3, 2023)
CVE-2023-36873 is a spoofing vulnerability in the .NET Framework that allows attackers to manipulate data or impersonate legitimate sources. This affe... (Aug 8, 2023)
This vulnerability allows local attackers to execute arbitrary code on OTRS systems by injecting malicious code into ACL module comments or names duri... (Mar 20, 2023)
This vulnerability in Intel SUR software allows unauthenticated attackers to potentially escalate privileges via network access due to improper input ... (Feb 16, 2023)
An improper input validation vulnerability in Juniper's DHCP daemon (jdhcpd) allows adjacent unauthenticated attackers to crash the service by sending... (Jan 19, 2022)
OctoRPKI has a path traversal vulnerability where malicious repositories can write files outside the designated cache directory using '..' sequences i... (Nov 11, 2021)
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted UDLD packets to Cisco networking devices, ... (Sep 23, 2021)
This vulnerability allows an attacker to cause a denial of service (DoS) by sending a specially crafted DHCP packet to Juniper Junos OS devices runnin... (Apr 22, 2021)
This vulnerability in mbsync allows a malicious or compromised IMAP server to use specially crafted mailbox names containing '..' path components to a... (Feb 23, 2021)
A vulnerability in Cisco Firepower Threat Defense (FTD) Software allows an unauthenticated adjacent attacker to cause denial of service by sending mal... (Oct 21, 2020)
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted CAPWAP packets to Cisco Catalyst 9800 Seri... (Sep 24, 2020)
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted CAPWAP packets to Cisco Catalyst 9800 Seri... (Sep 24, 2020)
This vulnerability in Cisco IOS XE Software allows an unauthenticated attacker on the same network segment to cause a denial of service by sending spe... (Sep 24, 2020)
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted PROFINET packets to Cisco IOS/IOS XE devic... (Sep 24, 2020)
This vulnerability allows an unauthenticated attacker on the same network to send a crafted 802.1x packet during wireless client authentication, causi... (Sep 24, 2020)
This CVE describes a remote code execution vulnerability in yuan1994 tpadmin's WebUploader component through insecure deserialization in preview.php. ... (Feb 7, 2026)
OnboardLite versions before commit 1d32081a66f21bcf41df1ecb672490b13f6e429f contain a stored cross-site scripting (XSS) vulnerability that allows atta... (Jan 19, 2026)
This vulnerability allows a malicious companion application to retain elevated privileges after being disassociated from a device, enabling local priv... (Dec 8, 2025)
This vulnerability in pmTicket Project-Management-Software allows remote attackers to execute arbitrary code through deserialization of manipulated us... (Sep 29, 2025)
CVE-2025-10164 is a remote code execution vulnerability in lmsys sglang 0.4.6 caused by unsafe deserialization in the update_weights_from_tensor funct... (Sep 9, 2025)
This vulnerability in Android's NotificationChannel component allows local privilege escalation through improper input validation. Attackers can explo... (Sep 4, 2025)
This critical vulnerability in Aidigu software allows remote attackers to execute arbitrary code through PHP object deserialization in the checkUserCo... (Jul 9, 2025)
This vulnerability in ESAPI esapi-java-legacy allows SQL injection attacks through the Encoder.encodeForSQL interface due to improper neutralization o... (Jun 29, 2025)
This critical vulnerability in slackero phpwcms allows remote attackers to execute arbitrary code through deserialization attacks via manipulated imag... (Jun 3, 2025)
This Spring Security vulnerability allows unauthorized access to /null endpoints when EndpointRequest.to() references disabled or unexposed actuator e... (Apr 28, 2025)
This CVE describes an insufficient validation vulnerability in PHP's header handling that could allow attackers to manipulate HTTP headers. When user-... (Mar 30, 2025)
This vulnerability in the Active Products Tables for WooCommerce WordPress plugin allows unauthenticated attackers to call arbitrary WordPress filters... (Mar 26, 2025)
CVE-2025-2376 is a critical deserialization vulnerability in viames Pair Framework's PHP Object Handler component. Attackers can remotely exploit the ... (Mar 17, 2025)
This critical vulnerability in Aridius XYZ for OpenCart allows remote attackers to execute arbitrary code through deserialization attacks in the News ... (Jan 29, 2025)
A critical deserialization vulnerability in AquilaCMS allows remote attackers to execute arbitrary code by manipulating the PostBody.populate paramete... (Jan 14, 2025)
About Improper Input Validation (CWE-20)
Our database tracks 1,648 CVEs classified as CWE-20, with 319 rated critical and 1,003 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.