CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,663)
This vulnerability in Intel Graphics Drivers allows authenticated local users to cause denial of service through improper input validation. It affects... (May 13, 2025)
A vulnerability in Siemens BACnet ATEC 550 series devices allows attackers on the same BACnet network to send specially crafted MSTP messages that cau... (May 13, 2025)
A vulnerability in Siemens MS/TP Point Pickup Module allows attackers on the same BACnet network to send specially crafted MSTP messages, causing a de... (May 13, 2025)
This vulnerability allows malicious web content to cause unexpected process crashes in Apple's Safari browser and operating systems. It affects users ... (May 12, 2025)
An improper input validation vulnerability in Wikimedia's GrowthExperiments MediaWiki extension allows attackers to cause HTTP denial-of-service (DoS)... (Apr 11, 2025)
This vulnerability in IBM Maximo Application Suite allows authenticated users to perform unauthorized actions due to improper input validation. It aff... (Apr 10, 2025)
This vulnerability in Google Chrome extensions allows attackers to escalate privileges by tricking users into visiting a malicious webpage. It affects... (Apr 2, 2025)
This CVE affects Kubernetes clusters using the deprecated in-tree gitRepo volume feature to clone git repositories from other pods on the same node. T... (Mar 13, 2025)
The wpForo Forum WordPress plugin has an arbitrary file read vulnerability that allows authenticated attackers with subscriber-level access or higher ... (Feb 28, 2025)
The Uncode WordPress theme has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to read arbitrary files on t... (Feb 18, 2025)
An improper input validation vulnerability in Schneider Electric products allows attackers to cause denial-of-service by sending malicious ICMPv6 pack... (Feb 13, 2025)
This vulnerability in Intel Graphics Drivers allows authenticated local users to cause denial of service through improper input validation. It affects... (Feb 12, 2025)
This vulnerability allows attackers to send specific API requests to BIG-IP Next Central Manager that cause its Kubernetes service to crash, resulting... (Feb 5, 2025)
This vulnerability in Misskey allows attackers to create fake user profiles that appear to belong to different federated instances, enabling impersona... (Dec 18, 2024)
This vulnerability in PwnDoc allows authenticated users to crash the backend server by triggering an unhandled promise rejection during audit operatio... (Dec 10, 2024)
An improper input validation vulnerability in Zoom Apps before version 6.2.0 allows unauthenticated attackers to cause denial of service via network a... (Nov 19, 2024)
An improper input validation vulnerability in Intel OpenVINO Model Server allows unauthenticated attackers on adjacent networks to cause denial of ser... (Nov 13, 2024)
This vulnerability in Intel Wireless Bluetooth drivers for Windows allows an unauthenticated attacker within Bluetooth range to potentially cause deni... (Nov 13, 2024)
This CVE describes an Improper Input Validation vulnerability in Schneider Electric controllers that allows a Man-in-the-Middle attacker to send craft... (Nov 13, 2024)
This vulnerability in the Windows Mobile Broadband Driver allows an attacker to cause a denial of service (system crash/BSOD) by sending specially cra... (Oct 8, 2024)
This vulnerability in the Windows Mobile Broadband Driver allows attackers to cause a denial of service (system crash/BSOD) by sending specially craft... (Oct 8, 2024)
An input validation vulnerability in Rockwell Automation Sequence Manager allows attackers to send malformed packets causing denial-of-service. The de... (Sep 27, 2024)
CVE-2024-38234 is a Windows networking vulnerability that allows attackers to cause denial of service by sending specially crafted network packets to ... (Sep 10, 2024)
Ericsson Packet Core Controller (PCC) has an input validation vulnerability in its Access and Mobility Management Function (AMF) that allows attackers... (Aug 20, 2024)
CVE-2024-7507 is a denial-of-service vulnerability in Rockwell Automation controllers where receiving a malformed PCCC message causes the controller t... (Aug 14, 2024)
CVE-2024-23669 is an improper authorization vulnerability in Fortinet FortiWebManager that allows attackers to execute unauthorized code or commands v... (Jun 5, 2024)
This vulnerability in Microsoft Power BI Client JavaScript SDK allows attackers to disclose sensitive information from affected systems. It affects or... (May 14, 2024)
This vulnerability in Silicon Labs Gecko SDK Bluetooth LE stack allows an attacker to send a malformed 'prepare write request' command that causes mem... (Mar 28, 2023)
This vulnerability in TensorFlow allows an attacker with input privileges to provide malicious data to the Convolution3DTranspose function, causing a ... (Mar 27, 2023)
CVE-2023-28330 is an insufficient input sanitization vulnerability in backup functionality that allows authenticated users with teacher, manager, or a... (Mar 23, 2023)
A denial of service vulnerability in Microsoft Hyper-V allows an attacker with privileged access on a guest virtual machine to crash the host server b... (Sep 11, 2020)
This vulnerability in Philips IntelliVue patient monitors allows attackers to cause denial-of-service through system restarts by sending malformed inp... (Sep 11, 2020)
The elink Embed Content WordPress plugin up to version 1.1.0 allows authenticated attackers with Contributor-level access or higher to inject maliciou... (Aug 15, 2025)
This vulnerability allows authenticated remote attackers to bypass authorization checks in Cisco SD-WAN vManage's web management interface, potentiall... (Nov 15, 2024)
This CVE describes a remote deserialization vulnerability in bolo-solo's SnakeYAML component that allows attackers to execute arbitrary code by manipu... (Jan 30, 2026)
CVE-2026-21690 is a type confusion vulnerability in iccDEV's CIccTagXmlTagData::ToXml() function that could allow memory corruption when processing ma... (Jan 7, 2026)
This vulnerability in Milvus allows remote attackers to execute arbitrary code through deserialization attacks via the HTTP endpoint. The vulnerabilit... (Jan 5, 2026)
CVE-2025-15375 is a remote code execution vulnerability in EyouCMS versions up to 1.7.7, caused by insecure deserialization in the arcpagelist handler... (Dec 31, 2025)
This vulnerability allows remote attackers to execute arbitrary code through deserialization attacks in aizuda snail-job's API component. It affects m... (Dec 30, 2025)
This vulnerability in Micro Registration Utility (µURU) allows attackers to inject malicious characters into the Dial() application by crafting speci... (Dec 29, 2025)
CVE-2025-53939 is an improper input validation vulnerability in Kiteworks private data network that allows attackers to elevate another user's permiss... (Nov 29, 2025)
This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in the shiyi-blog application's job handler comp... (Oct 27, 2025)
This CVE describes a remote deserialization vulnerability in ILIAS learning management systems. Attackers can exploit the Base64 Decoding Handler's un... (Oct 6, 2025)
This vulnerability allows remote attackers to execute arbitrary code through deserialization attacks in the ZeroMQ component of GuanxingLu vlarl. It a... (Sep 25, 2025)
This CVE describes a remote code execution vulnerability in giantspatula SewKinect's /calculate endpoint due to unsafe deserialization via pickle.load... (Sep 25, 2025)
This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in LazyAGI LazyLLM's lazyllm_call function. Atta... (Sep 25, 2025)
A remote code execution vulnerability exists in geyang ml-logger's ping handler due to unsafe deserialization of user-controlled data. Attackers can e... (Sep 25, 2025)
This vulnerability in jeecgboot JimuReport allows remote attackers to execute arbitrary code through deserialization attacks via the DB2 JDBC Handler ... (Sep 21, 2025)
This vulnerability allows remote attackers to exploit a deserialization flaw in jeecgboot JimuReport's MySQL JDBC handler. Attackers can execute arbit... (Sep 21, 2025)
This vulnerability in h2oai h2o-3 allows remote attackers to execute arbitrary code through deserialization attacks via the H2 JDBC Driver's connectio... (Sep 21, 2025)
About Improper Input Validation (CWE-20)
Our database tracks 1,663 CVEs classified as CWE-20, with 321 rated critical and 1,017 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.
External reference: CWE-20 on MITRE CWE