CWE-20: Improper Input Validation

This vulnerability involves undefined behavior in the CIccTagSpectralViewingConditions() function of the iccDEV library, which could lead to crashes, ...

This vulnerability involves undefined behavior in the CIccTagLut16::Read() function of the iccDEV library, which could lead to memory corruption when ...

This vulnerability involves undefined behavior in the CIccTagLutAtoB::Validate() function of the iccDEV library, which could lead to crashes, memory c...

CVE-2026-21687 is an undefined behavior vulnerability in the CIccTagCurve constructor of the iccDEV library that processes ICC color profiles. This co...

CVE-2026-21681 is an undefined behavior runtime error in iccDEV library versions before 2.3.1.2 that could lead to crashes or potentially arbitrary co...

MDaemon Mail Server 23.5.2 has an email spoofing vulnerability where attackers can use invisible Unicode thin spaces in the From: header to display a ...

This CVE describes an improper input validation vulnerability in Android that allows local denial-of-service attacks without user interaction. It coul...

A vulnerability in open5gs upf component allows remote attackers to cause denial of service by sending specially crafted PFCP SessionEstablishmentRequ...

A malicious Matrix server can craft events that cause Synapse homeservers to stop federating with other servers when received. This denial-of-service ...

This vulnerability allows attackers to bypass security features on Microsoft Surface devices, potentially gaining unauthorized access or privileges. I...

This CVE describes a privilege escalation vulnerability in Okta Privileged Access server agent (SFTD) when the sudo command bundles feature is enabled...

This vulnerability allows attackers to bypass security features in Windows Hyper-V, potentially enabling unauthorized access or privilege escalation w...

This vulnerability involves a cryptographic issue in RSA key parsing in COBR format, potentially allowing attackers to bypass cryptographic protection...

This vulnerability allows authenticated Windows users with local access to escalate privileges through improper input validation in Zoom Apps installe...

This vulnerability allows an untrusted hypervisor to inject virtual interrupts 0 and 14 at any time, triggering SIGFPE signal handlers in userspace ap...

A vulnerability in eProsima FastDDS versions 2.14.0 and earlier allows local attackers to cause denial of service and potentially leak sensitive infor...

This SMTP smuggling vulnerability in Apache James allows attackers to manipulate email line delimiters to forge SMTP envelopes, potentially bypassing ...

This vulnerability in SailPoint IdentityIQ allows authenticated users to request access to entitlements with leading or trailing whitespace in their v...

This CVE describes an input validation vulnerability in Progress MOVEit Transfer that allows authenticated users to manipulate HTTPS transaction param...

This vulnerability in Intel Unison software allows authenticated users with network access to potentially escalate privileges through improper input v...

This vulnerability in Intel(R) SUR software allows authenticated users with local access to potentially escalate privileges through improper input val...

This AMD firmware vulnerability allows attackers with local access to overwrite bootloader memory by exploiting improper address validation in SVC_LOA...

This vulnerability in Qualcomm's TrustZone memory transfer interface allows improper input validation that could lead to information disclosure. It af...

CVE-2021-3583 is a template injection vulnerability in Ansible that allows attackers to execute arbitrary commands through specially crafted facts in ...

This vulnerability in Samsung's CallBGProvider component allows local attackers to bypass access controls and read arbitrary files with elevated privi...

CVE-2021-25356 is an improper caller check vulnerability in Samsung's Managed Provisioning service that allows unprivileged applications to install ar...

This vulnerability in Adobe Acrobat Reader DC allows attackers to trigger DNS queries when users open PDF files from their local filesystem, enabling ...

This CVE describes a buffer over-read vulnerability in the ADSP parse function of Qualcomm Snapdragon chipsets. It allows attackers to read beyond all...

CVE-2020-12487 is a command injection vulnerability in Vivo ABE service that allows attackers to execute arbitrary commands with root privileges. This...

This vulnerability allows authenticated Redis users to trigger a stack buffer overflow via specially crafted Lua scripts, potentially leading to remot...

MongoDB Compass versions before 1.42.2 have insufficient sandbox protection in the ejson shell parser used for connection handling, allowing potential...

This CVE describes a local privilege escalation vulnerability in ZScaler's ZScalerService process on macOS. An attacker with local access can exploit ...

This vulnerability in HelpU remote control solution allows authenticated remote attackers to execute arbitrary commands on affected systems due to ins...

CVE-2020-15170 is an access control vulnerability in Apollo AdminService that allows unauthenticated attackers to directly access administrative APIs....

A buffer overflow vulnerability in Cisco ASA and FTD firewall OSPF protocol allows adjacent attackers to cause device reloads and denial-of-service. A...

CVE-2025-15545 is a command injection vulnerability in TP-Link RE605X v3 backup restore function that allows attackers to execute arbitrary commands w...

A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with actioner privilege to execute arbitrary comm...

This vulnerability allows attackers with physical access to Blurams Flare Camera devices to execute arbitrary commands with root privileges by placing...

A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...

A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...

A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...

A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers with Actioner privileges to execute arbitrary com...

This vulnerability allows a physical attacker with USB access to execute arbitrary code in the bootloader of Samsung Exynos devices due to improper in...

This vulnerability allows a physical attacker with USB access to execute arbitrary code in the bootloader of Samsung devices with Exynos chipsets. It ...

This CVE describes an Improper Input Validation vulnerability in Adobe ColdFusion that allows high-privileged attackers to bypass security protections...

This vulnerability in the Windows Mobile Broadband Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploit...

This CVE describes a command injection vulnerability in ZTE MF258 Pro mobile hotspot devices. An authenticated attacker can exploit insufficient param...

This vulnerability in the Windows Mobile Broadband Driver allows an attacker to execute arbitrary code remotely on affected systems. Attackers could e...

This vulnerability in the Windows Mobile Broadband Driver allows attackers to execute arbitrary code remotely on affected systems. It affects Windows ...

Ericsson RAN Compute and Site Controller 6610 has an input validation vulnerability in its Control System that allows authenticated attackers with sys...