CWE-20: Improper Input Validation

SuiteCRM versions before 7.14.6 and 8.7.1 contain a vulnerability in their malicious MLP (Module Loadable Package) prevention mechanism. Attackers can...

This UEFI firmware vulnerability in certain Intel processors allows privileged users to potentially disclose sensitive information or cause denial of ...

This vulnerability affects multiple Siemens industrial routers and allows authenticated remote attackers to execute arbitrary code by exploiting impro...

CVE-2021-22508 is an SQL injection vulnerability in OpenText Operations Bridge Reporter that allows authenticated administrators to execute arbitrary ...

This vulnerability allows a privileged user with local access to Intel Server D50DNP Family systems to escalate privileges through improper input vali...

This vulnerability in Intel BIOS Guard firmware allows a privileged user with local access to potentially escalate privileges through improper input v...

This vulnerability in mintplex-labs/anything-llm allows attackers to read and delete arbitrary files on the server by manipulating the 'logo_filename'...

This vulnerability in mintplex-labs/anything-llm allows attackers to disable Multi-User Mode via improper input validation, enabling them to create ne...

This vulnerability allows a local low-privileged attacker on affected Dell PowerEdge and Precision Rack servers to perform arbitrary writes to SMRAM (...

CVE-2023-42661 allows authenticated users to write arbitrary files to JFrog Artifactory servers by sending specially crafted requests with insufficien...

This CVE describes a missing bounds check vulnerability in MediaTek battery components that allows local privilege escalation. Attackers with system e...

This vulnerability allows a privileged user on a system with affected Intel Ethernet hardware to potentially escalate privileges through improper inpu...

This CVE describes a command injection vulnerability in Bosch IP cameras that allows authenticated administrators to execute arbitrary operating syste...

This CVE-2023-49081 vulnerability in aiohttp allows attackers who control the HTTP version of requests to modify HTTP requests (e.g., insert headers) ...

This CVE allows users with pod and persistent volume creation permissions on Windows nodes to escalate privileges to admin level on those nodes. Only ...

This vulnerability allows authenticated attackers to execute arbitrary SQL commands via JDBC injection in Azure HDInsight's Apache Ambari component. S...

This vulnerability allows administrative users of Aruba AirWave management systems to escalate their privileges to root on the underlying operating sy...

This vulnerability in Intel's Converged Security and Management Engine firmware allows privileged users to cause denial of service through improper in...

CVE-2023-28130 is a command injection vulnerability in Check Point Gaia Portal's hostnames page that allows authenticated local users to execute arbit...

CVE-2023-2454 is a PostgreSQL vulnerability where the schema_element function can bypass protective search_path changes, allowing authenticated attack...

This vulnerability in Intel BIOS firmware allows a privileged user with local access to potentially escalate privileges through improper input validat...

This CVE describes an improper input validation vulnerability in Schneider Electric products that allows authenticated attackers to execute malicious ...

The AnyMailing Joomla Plugin has a stored cross-site scripting (XSS) vulnerability in templates and emails that allows attackers to inject malicious s...

This vulnerability allows authenticated attackers with admin or report manager roles to execute arbitrary commands on Nozomi Networks Guardian and CMC...

CVE-2021-43861 is a cross-site scripting (XSS) vulnerability in Mermaid diagramming tool that allows malicious diagrams to execute arbitrary JavaScrip...

This vulnerability allows authenticated administrative users to send specially crafted configuration packets that execute arbitrary commands with syst...

This vulnerability allows attackers to compromise the Trusted Execution Environment (TEE) on Samsung mobile devices by exploiting missing input valida...

This vulnerability in containernetworking/cni allows attackers to execute arbitrary system binaries by using path traversal sequences (like '../') in ...

This vulnerability allows authenticated remote attackers with administrator credentials to execute arbitrary commands with root privileges on affected...

This vulnerability allows authenticated remote attackers with administrator credentials to execute arbitrary commands with root privileges on affected...

This vulnerability allows authenticated remote attackers with administrator credentials to execute arbitrary commands with root privileges on affected...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on affected Cisco Small Business routers. ...

This vulnerability allows authenticated remote attackers with administrator credentials to execute arbitrary commands with root privileges on affected...

This CVE allows authenticated remote attackers with administrator credentials to execute arbitrary commands with root privileges on affected Cisco Sma...

This SQL injection vulnerability in Mitel MiCollab's SAS portal allows attackers to access user credentials by sending malicious database queries. Org...

This is a command injection vulnerability in Huawei ManageOne management software that allows authenticated attackers with high privileges to execute ...

This CVE describes an OS command injection and memory corruption vulnerability in PAN-OS management web interface that allows authenticated administra...

This vulnerability allows attackers to bypass SAML authentication in Juniper Networks Mist Cloud UI by modifying valid SAML responses without invalida...

This vulnerability in the Linux kernel's HDLC_PPP module allows memory corruption and read overflow due to improper input validation in the ppp_cp_par...

This SQL injection vulnerability in Mitel MiCloud Management Portal allows remote attackers to execute arbitrary SQL commands and potentially access u...

This vulnerability allows authenticated administrators on certain Cisco Small Business RV Series Routers to execute arbitrary commands with root privi...

OpenSift versions 1.1.2-alpha and below have a server-side request forgery (SSRF) vulnerability where URL ingest functionality can be tricked into fet...

PolarLearn's vote API route accepts arbitrary string values for the 'direction' parameter due to missing runtime validation. Attackers can send unexpe...

CVE-2026-24410 is a vulnerability in iccDEV's ICC color management profile libraries where improper input validation in CIccProfileXml::ParseBasic() l...

CVE-2026-24411 is an undefined behavior vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function that allows attackers to perform denial o...

This vulnerability in iccDEV allows attackers to exploit undefined behavior and null pointer dereferences when processing user-controlled ICC color pr...

CVE-2026-24407 is an undefined behavior vulnerability in iccDEV's icSigCalcOp() function that allows attackers to manipulate ICC color profile data. S...

An integer overflow vulnerability in iccDEV's CIccProfile::CheckHeader() function allows attackers to trigger memory corruption or denial of service b...

A null pointer dereference vulnerability in iccDEV's CIccXmlArrayType() function allows attackers to cause denial of service, manipulate data, bypass ...

This vulnerability in Apache Solr allows attackers to bypass path restrictions and read unauthorized files from the filesystem when creating new cores...