CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,652)
Mar 17, 2025: CVE-2025-2376 is a critical deserialization vulnerability in viames Pair Framework's PHP Object Handler component. Attackers can remotely exploit the ...
Jan 29, 2025: This critical vulnerability in Aridius XYZ for OpenCart allows remote attackers to execute arbitrary code through deserialization attacks in the News ...
Jan 14, 2025: A critical deserialization vulnerability in AquilaCMS allows remote attackers to execute arbitrary code by manipulating the PostBody.populate paramete...
Nov 12, 2024: This CVE describes a remote code execution vulnerability in Rockwell Automation products where users can save projects to a public directory, allowing...
Jul 9, 2024: This PowerShell Elevation of Privilege Vulnerability allows authenticated attackers to execute arbitrary code with SYSTEM privileges on affected Windo...
Jun 19, 2024: CVE-2024-38355 is a denial-of-service vulnerability in Socket.IO where specially crafted packets can trigger uncaught exceptions, causing the Node.js ...
Apr 25, 2024: This vulnerability in GLPI Agent on Windows allows local users to cause denial of service by modifying the GLPI server URL or disabling the service. I...
Apr 22, 2024: This vulnerability allows local third-party apps on affected Nokia Android devices to execute arbitrary AT commands with radio user privileges via AT ...
Apr 1, 2024: This vulnerability allows attackers to cause a denial-of-service (DoS) condition by sending specially crafted ASN.1 OER messages containing unknown ex...
Mar 27, 2024: A local attacker can execute arbitrary code by providing a crafted configuration file to the sanei_configure_attach() function in Sane 1.2.1. This vul...
Mar 8, 2024: CVE-2024-27613 is an input validation vulnerability in Numbas editor versions before 7.3 that allows improper handling of themes and extensions. This ...
Jan 2, 2024: This vulnerability in follow-redirects package allows attackers to manipulate URL parsing errors to redirect traffic to malicious sites. It affects ap...
Nov 14, 2023: This vulnerability in Intel QuickAssist Technology (QAT) firmware allows attackers with adjacent network access to potentially escalate privileges or ...
Sep 20, 2023: This vulnerability in NVIDIA DGX H100 BMC's IPMI interface allows attackers to execute arbitrary code, cause denial of service, escalate privileges, o...
Sep 12, 2023: CVE-2023-36762 is a remote code execution vulnerability in Microsoft Word that allows attackers to execute arbitrary code on a victim's system by tric...
Jun 8, 2023: CVE-2023-34239 is a vulnerability in the Gradio Python library that allows attackers to access arbitrary files on the server and proxy requests to una...
May 27, 2023: CVE-2023-32695 is a denial-of-service vulnerability in socket.io-parser where a specially crafted Socket.IO packet triggers an uncaught exception, cra...
Apr 14, 2023: This CVE describes a command injection vulnerability in Snowflake JDBC drivers that allows remote code execution. An attacker can trick users into con...
Apr 11, 2023: This path traversal vulnerability in Siemens TIA Portal allows attackers to create or overwrite arbitrary files when users open malicious PC system co...
Feb 14, 2023: This vulnerability allows authenticated Splunk users to bypass SPL safeguards for risky commands by crafting a saved search job that uses the 'pivot' ...
Dec 15, 2021: This Android vulnerability allows a malicious app with user execution privileges to disable notifications for any user on the device through improper ...
May 3, 2021: CVE-2021-29242 is an improper input validation vulnerability in CODESYS Control Runtime systems that allows attackers to send crafted packets to manip...
Mar 24, 2021: This vulnerability allows authenticated low-privileged users on Cisco IOS XE SD-WAN devices to execute arbitrary commands as root through command inje...
Mar 5, 2021: This vulnerability allows attackers to inject malicious JavaScript code into the Secomea GateManager web interface through improper input validation. ...
Dec 22, 2020: CVE-2020-27337 is an improper input validation vulnerability in Treck's IPv6 stack that allows unauthenticated remote attackers to trigger an out-of-b...
Nov 6, 2020: A local privilege escalation vulnerability in Cisco AnyConnect Secure Mobility Client allows authenticated local attackers to execute arbitrary script...
Feb 4, 2026: A command injection vulnerability in n8n's community package installation functionality allows authenticated administrators to execute arbitrary syste...
Jan 13, 2026: An authenticated attacker with valid credentials can exploit improper input handling in the web management interface of Aruba mobility conductors runn...
Dec 26, 2025: This vulnerability allows remote attackers to execute arbitrary commands on affected camera systems due to improper input validation in video analytic...
Dec 17, 2025: This Cross-site scripting (XSS) vulnerability in Open Source Point of Sale v3.4.1 allows remote attackers to inject malicious scripts via the phone_nu...
Dec 17, 2025: This Cross-site scripting (XSS) vulnerability in Open Source Point of Sale v3.4.1 allows remote attackers to inject malicious scripts via the 'name' p...
Dec 11, 2025: A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...
Dec 11, 2025: A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...
Dec 11, 2025: A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...
Dec 11, 2025: A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...
Dec 9, 2025: This vulnerability allows authenticated administrators on NETGEAR Nighthawk R7000P routers to execute arbitrary operating system commands through comm...
Dec 9, 2025: This vulnerability allows authenticated users with IDE role permissions in SecOps SOAR servers to achieve remote code execution by uploading malicious...
Dec 4, 2025: This CVE describes a remote code execution vulnerability in Thermo Fisher Torrent Suite's Django application where attackers can execute arbitrary com...
Oct 3, 2025: MotionEye v0.43.1b4 and earlier contains an OS command injection vulnerability where authenticated admin users can inject malicious commands through c...
May 5, 2025: This CVE describes a CSS injection vulnerability in Misskey's URL preview functionality. Attackers can inject arbitrary CSS to create fake error messa...
Feb 11, 2025: This vulnerability in Siemens SCALANCE industrial wireless devices allows authenticated remote attackers to execute arbitrary shell commands by exploi...
Nov 12, 2024: This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected Siemens industrial routers by exploiting improper inp...
Nov 5, 2024: SuiteCRM versions before 7.14.6 and 8.7.1 contain a vulnerability in their malicious MLP (Module Loadable Package) prevention mechanism. Attackers can...
Sep 16, 2024: This UEFI firmware vulnerability in certain Intel processors allows privileged users to potentially disclose sensitive information or cause denial of ...
Aug 13, 2024: This vulnerability affects multiple Siemens industrial routers and allows authenticated remote attackers to execute arbitrary code by exploiting impro...
May 17, 2024: CVE-2021-22508 is an SQL injection vulnerability in OpenText Operations Bridge Reporter that allows authenticated administrators to execute arbitrary ...
May 16, 2024: This vulnerability allows a privileged user with local access to Intel Server D50DNP Family systems to escalate privileges through improper input vali...
May 16, 2024: This vulnerability in Intel BIOS Guard firmware allows a privileged user with local access to potentially escalate privileges through improper input v...
Apr 16, 2024: This vulnerability in mintplex-labs/anything-llm allows attackers to read and delete arbitrary files on the server by manipulating the 'logo_filename'...
Apr 10, 2024: This vulnerability in mintplex-labs/anything-llm allows attackers to disable Multi-User Mode via improper input validation, enabling them to create ne...
About Improper Input Validation (CWE-20)
Our database tracks 1,652 CVEs classified as CWE-20, with 320 rated critical and 1,006 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.