CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,659
Critical: 321
High: 1,013
Avg CVSS: 7.8
In CISA KEV: 5

Yearly Trend

2026: 145
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 104
2 Google 84
3 Cisco 72
4 Intel 62
5 Qualcomm 49
6 Apache 47
7 Adobe 42
8 Huawei 42
9 Apple 40
10 Color 40

All Improper Input Validation CVEs (1,659)

CVE-2024-34693
6.8

This vulnerability allows authenticated attackers in Apache Superset to create MariaDB connections with local_infile enabled, potentially reading arbi...

Jun 20, 2024
CVE-2024-30002
6.8

This vulnerability allows remote attackers to execute arbitrary code on Windows systems through the Mobile Broadband Driver. Attackers could exploit t...

May 14, 2024
CVE-2024-29998
6.8

This vulnerability in the Windows Mobile Broadband Driver allows an attacker to execute arbitrary code remotely by sending specially crafted packets t...

May 14, 2024
CVE-2025-22432
6.7

This Android vulnerability in the telecommunication service allows local privilege escalation through improper input validation in call redirection ha...

Dec 8, 2025
CVE-2025-55301
6.7

This vulnerability allows users to modify their account username locally through browser developer tools by editing local storage values. It affects a...

Aug 25, 2025
CVE-2025-54642
6.7

A buffer overflow vulnerability in the kernel gyroscope module allows attackers to crash or destabilize affected systems by sending malformed data. Th...

Aug 6, 2025
CVE-2025-54641
6.7

A buffer overflow vulnerability in the kernel acceleration module allows attackers to cause denial of service by sending specially crafted data. This ...

Aug 6, 2025
CVE-2025-20197
6.7

This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to elevate their privileges to root on ...

May 7, 2025
CVE-2021-1462
6.7

This vulnerability allows authenticated local administrators on Cisco SD-WAN vManage Software to escalate their privileges to root level. Attackers ne...

Nov 18, 2024
CVE-2024-27386
6.7

This vulnerability in Samsung Exynos 1380 and 1480 processors allows attackers to perform heap overwrite attacks by sending specially crafted data to ...

Jul 9, 2024
CVE-2025-44779
6.6

This vulnerability in Ollama v0.1.33 allows attackers to delete arbitrary files by sending a specially crafted packet to the /api/pull endpoint. It af...

Aug 7, 2025
CVE-2025-0037
6.6

This vulnerability in AMD Versal Adaptive SoC devices allows attackers to bypass memory isolation protections through the PLM firmware, potentially ac...

Jun 10, 2025
CVE-2025-4635
6.6

This vulnerability allows an authenticated administrator in the web portal to manipulate the Diagnostics module to achieve remote code execution on th...

May 30, 2025
CVE-2025-46836
6.6

A buffer overflow vulnerability in net-tools versions up to 2.10 allows unauthenticated local users to execute arbitrary code or crash the system by e...

May 14, 2025
CVE-2024-38413
6.6

This vulnerability allows memory corruption while processing frame packets in Qualcomm components, potentially enabling attackers to execute arbitrary...

Feb 3, 2025
CVE-2024-50333
6.6

SuiteCRM has an input validation vulnerability in the ParserLabel::addLabels() function that allows attackers to write arbitrary data to custom langua...

Nov 5, 2024
CVE-2024-51530
6.6

The LaunchAnywhere vulnerability in Huawei's account module allows attackers to bypass security restrictions and launch arbitrary applications. This a...

Nov 5, 2024
CVE-2026-21864
6.5

A vulnerability in Valkey-Bloom module allows a specially crafted RESTORE command to trigger an assertion failure, causing the Valkey server to shut d...

Feb 24, 2026
CVE-2026-25631
6.5

This vulnerability in n8n's HTTP Request node allows authenticated attackers to bypass credential domain validation and send requests with credentials...

Feb 6, 2026
CVE-2026-25723
6.5

CVE-2026-25723 is an input validation vulnerability in Claude Code that allows attackers to bypass file write restrictions using piped sed operations ...

Feb 6, 2026
CVE-2025-12131
6.5

This vulnerability allows an attacker to cause a denial of service by sending specially crafted truncated 802.15.4 packets to affected systems. The tr...

Feb 5, 2026
CVE-2026-23566
6.5

This vulnerability allows attackers on the same network to manipulate log files in TeamViewer DEX Client's Content Distribution Service by sending cra...

Jan 29, 2026
CVE-2026-23570
6.5

This vulnerability allows an attacker on the same network to send crafted UDP Sync commands to TeamViewer DEX Client's Content Distribution Service, e...

Jan 29, 2026
CVE-2026-20812
6.5

This vulnerability allows an authorized attacker to perform tampering attacks against Windows LDAP services over a network. Attackers can manipulate L...

Jan 13, 2026
CVE-2026-21689
6.5

A type confusion vulnerability in iccDEV's CIccProfileXml::ParseBasic() function allows attackers to potentially execute arbitrary code or cause denia...

Jan 7, 2026
CVE-2025-43464
6.5

This CVE describes a denial-of-service vulnerability in macOS where visiting a malicious website could cause application crashes. The issue was caused...

Dec 12, 2025
CVE-2025-66451
6.5

This vulnerability in LibreChat allows authenticated users to modify prompt groups in unintended ways by sending malformed JSON requests to the PATCH ...

Dec 11, 2025
CVE-2025-12687
6.5

A vulnerability in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe) allows attackers to crash the service via specially crafted ...

Dec 11, 2025
CVE-2025-40831
6.5

A vulnerability in SINEC Security Monitor allows authenticated low-privileged attackers to cause denial of service in the report generation functional...

Dec 9, 2025
CVE-2025-26489
6.5

This vulnerability allows remote authenticated users to send specially crafted XML payloads to the Netconf service in Infinera MTC-9 appliances, causi...

Dec 8, 2025
CVE-2025-63095
6.5

An improper input validation vulnerability in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cau...

Dec 1, 2025
CVE-2025-11933
6.5

A vulnerability in wolfSSL's TLS 1.3 CKS extension parsing allows remote attackers to cause denial-of-service by sending crafted ClientHello messages ...

Nov 21, 2025
CVE-2025-63397
6.5

This vulnerability in OneFlow v0.9.0 allows attackers to trigger a segmentation fault through improper input validation during broadcasting and type c...

Nov 10, 2025
CVE-2025-27040
6.5

This CVE describes an information disclosure vulnerability in Qualcomm hypervisor logs that could expose sensitive system information. The vulnerabili...

Oct 9, 2025
CVE-2025-59535
6.5

DNN CMS versions before 10.1.0 allow attackers to load arbitrary themes via query parameters, potentially exposing vulnerabilities in unused themes. T...

Sep 22, 2025
CVE-2025-58364
6.5

CVE-2025-58364 is a remote denial-of-service vulnerability in OpenPrinting CUPS affecting versions 2.4.12 and earlier. It allows attackers on the loca...

Sep 11, 2025
CVE-2025-54247
6.5

Adobe Experience Manager versions 6.5.23.0 and earlier contain an improper input validation vulnerability that allows low-privileged attackers to bypa...

Sep 9, 2025
CVE-2025-53809
6.5

This vulnerability allows an authorized attacker to cause a denial of service in Windows LSASS through improper input validation. It affects Windows s...

Sep 9, 2025
CVE-2025-10061
6.5

An authorized MongoDB user can cause a denial of service by sending specially crafted $group queries with certain accumulator functions. This vulnerab...

Sep 5, 2025
CVE-2025-36114
6.5

IBM QRadar SOAR Plugin App versions 1.0.0 through 5.6.0 contain a directory traversal vulnerability that allows remote attackers to read arbitrary fil...

Aug 20, 2025
CVE-2025-50233
6.5

This vulnerability in QCMS 6.0.5 allows authenticated users to perform directory traversal attacks by manipulating the 'Name' parameter in the backend...

Aug 6, 2025
CVE-2025-54134
6.5

HAX CMS NodeJS versions 11.0.8 and below crash when authenticated attackers send API requests missing required URL parameters to listFiles and saveFil...

Jul 21, 2025
CVE-2025-40593
6.5

This vulnerability in Siemens SIMATIC CN 4100 allows attackers to store arbitrary files in the device's SFTP folder, potentially causing denial of ser...

Jul 8, 2025
CVE-2025-52891
6.5

This vulnerability in ModSecurity causes a segmentation fault when processing XML requests containing empty tags, leading to denial of service. It aff...

Jul 2, 2025
CVE-2023-28911
6.5

This vulnerability in the Bluetooth stack of MIB3 infotainment systems allows attackers to disconnect arbitrary Bluetooth channels by sending malforme...

Jun 28, 2025
CVE-2025-3885
6.5

This vulnerability allows attackers within Bluetooth range to crash Harman Becker MGU21 infotainment systems by sending malformed Bluetooth frames. No...

May 22, 2025
CVE-2025-20031
6.5

This vulnerability in Intel Graphics Drivers allows authenticated local users to cause denial of service through improper input validation. It affects...

May 13, 2025
CVE-2025-40556
6.5

A vulnerability in Siemens BACnet ATEC 550 series devices allows attackers on the same BACnet network to send specially crafted MSTP messages that cau...

May 13, 2025
CVE-2025-24510
6.5

A vulnerability in Siemens MS/TP Point Pickup Module allows attackers on the same BACnet network to send specially crafted MSTP messages, causing a de...

May 13, 2025
CVE-2025-31215
6.5

This vulnerability allows malicious web content to cause unexpected process crashes in Apple's Safari browser and operating systems. It affects users ...

May 12, 2025

About Improper Input Validation (CWE-20)

Our database tracks 1,659 CVEs classified as CWE-20, with 321 rated critical and 1,013 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.

External reference: CWE-20 on MITRE CWE
