CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,479
Critical: 255
High: 898
Avg CVSS: 7.7
In CISA KEV: 5

Yearly Trend

2026: 145
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 100
2 Google 73
3 Intel 55
4 Qualcomm 43
5 Apache 43
6 Adobe 41
7 Color 40
8 Huawei 39
9 Reolink 36
10 Apple 33

All Improper Input Validation CVEs (1,479)

CVE-2023-31039
9.8

This vulnerability in Apache bRPC allows attackers to execute arbitrary code by manipulating the ServerOptions pid_file parameter. Attackers who can i...

May 8, 2023
CVE-2023-31047
9.8

This vulnerability allows attackers to bypass file upload validation in Django by submitting multiple files in a single form field. Only the last file...

May 7, 2023
CVE-2022-29606
9.8

A vulnerability in ONOS 2.5.1 allows network operators to create intents with large port numbers that cause system inconsistencies. When exploited, th...

Apr 20, 2023
CVE-2022-33211
9.8

CVE-2022-33211 is a critical memory corruption vulnerability in Qualcomm modem firmware caused by improper size calculation when serializing CoAP mess...

Apr 13, 2023
CVE-2023-21554
9.8

This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft Message Queuing (MSMQ) by sending specially crafted ...

Apr 11, 2023
CVE-2023-26068
9.8

This CVE describes an input validation vulnerability in Lexmark device embedded web servers that allows remote code execution. Attackers can exploit t...

Apr 10, 2023
CVE-2023-26070
9.8

This CVE describes an input validation vulnerability in certain Lexmark devices that could allow remote attackers to execute arbitrary code or cause d...

Apr 10, 2023
CVE-2023-1789
9.8

CVE-2023-1789 is an improper input validation vulnerability in Firefly III personal finance software that allows attackers to execute arbitrary code o...

Apr 1, 2023
CVE-2023-28731
9.8

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on Joomla websites using the AnyMailing plugin. Attackers can upload...

Mar 30, 2023
CVE-2023-23397
9.8

CVE-2023-23397 is a critical elevation of privilege vulnerability in Microsoft Outlook that allows attackers to steal NTLM hashes without user interac...

Mar 14, 2023
CVE-2021-35370
9.8

CVE-2021-35370 is a critical vulnerability in Peacexie Imcat v5.4 that allows attackers to execute arbitrary code due to incomplete input filtering. T...

Feb 24, 2023
CVE-2023-25693
9.8

CVE-2023-25693 is an improper input validation vulnerability in Apache Airflow's Sqoop Provider that allows attackers to execute arbitrary code b...

Feb 24, 2023
CVE-2022-45088
9.8

This vulnerability allows attackers to include local PHP files on the server through improper input validation in Group Arge Energy and Control System...

Feb 12, 2023
CVE-2022-25729
9.8

CVE-2022-25729 is a critical memory corruption vulnerability in Qualcomm modem firmware caused by improper length checking during memory copy operatio...

Feb 12, 2023
CVE-2013-4144
9.8

CVE-2013-4144 is an object injection vulnerability in the SWFUpload plugin for WordPress that allows attackers to execute arbitrary code. This affects...

Jun 30, 2022
CVE-2022-33752
9.8

CVE-2022-33752 is a critical remote code execution vulnerability in CA Automic Automation agents due to insufficient input validation. Attackers can e...

Jun 16, 2022
CVE-2022-33754
9.8

CVE-2022-33754 is a critical remote code execution vulnerability in CA Automic Automation agents due to insufficient input validation. Attackers can e...

Jun 16, 2022
CVE-2022-25167
9.8

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to remote code execution when using JMS Source with JNDI LDAP data source URI. Attackers cont...

Jun 14, 2022
CVE-2022-25163
9.8

This vulnerability allows remote unauthenticated attackers to send specially crafted packets to Mitsubishi Electric PLCs, potentially causing denial o...

Jun 2, 2022
CVE-2021-33315
9.8

CVE-2021-33315 is a critical integer underflow vulnerability in TRENDnet TI-PG1284i switches that allows remote attackers to trigger buffer overflow o...

May 11, 2022
CVE-2022-29499
9.8

CVE-2022-29499 is a critical remote code execution vulnerability in Mitel MiVoice Connect's Service Appliance component due to improper input validati...

Apr 26, 2022
CVE-2022-28711
9.8

CVE-2022-28711 is a memory corruption vulnerability in the cgi.c unescape functionality of ArduPilot APWeb, allowing an attacker to send a specially-c...

Apr 14, 2022
CVE-2021-32974
9.8

CVE-2021-32974 is a critical remote code execution vulnerability in Moxa NPort IAW5000A-I/O series devices. Improper input validation in the built-in ...

Apr 1, 2022
CVE-2022-25757
9.8

This vulnerability allows attackers to bypass JSON validation in Apache APISIX by submitting requests with duplicate keys in JSON payloads. The valida...

Mar 28, 2022
CVE-2021-42786
9.8

CVE-2021-42786 allows remote attackers to execute arbitrary code on SteelCentral AppInternals Dynamic Sampling Agent (DSA) systems by sending maliciou...

Mar 10, 2022
CVE-2022-24720
9.8

CVE-2022-24720 is a critical command injection vulnerability in the image_processing Ruby gem that allows attackers to execute arbitrary shell command...

Mar 1, 2022
CVE-2022-24086
9.8

CVE-2022-24086 is a critical improper input validation vulnerability in Adobe Commerce (formerly Magento) that allows unauthenticated attackers to exe...

Feb 16, 2022
CVE-2022-23992
9.8

CVE-2022-23992 is a critical vulnerability in Broadcom XCOM Data Transport 11.6 that allows remote attackers to execute arbitrary commands with elevat...

Feb 14, 2022
CVE-2021-44530
9.8

This is the Log4Shell vulnerability (CVE-2021-44228) affecting UniFi Network software. It allows remote code execution via JNDI injection in Log4j, en...

Jan 14, 2022
CVE-2021-44548
9.8

This vulnerability in Apache Solr's DataImportHandler allows attackers to make SMB network calls from the Solr host to other systems by providing Wind...

Dec 23, 2021
CVE-2021-41844
9.8

CVE-2021-41844 is a critical vulnerability in Crocoblock JetEngine WordPress plugin where improper input validation allows attackers to inject malicio...

Dec 15, 2021
CVE-2021-37084
9.8

CVE-2021-37084 is an improper input validation vulnerability in Huawei smartphones that allows attackers to invoke other functions of the Smart A...

Dec 7, 2021
CVE-2021-3943
9.8

This vulnerability allows remote attackers to execute arbitrary code on Moodle servers by exploiting improper input validation during backup file rest...

Nov 22, 2021
CVE-2011-4124
9.8

CVE-2011-4124 is a privilege escalation vulnerability in Calibre's Linux mount helper that allows local attackers to execute arbitrary commands with r...

Oct 27, 2021
CVE-2020-18683
9.8

CVE-2020-18683 is an input validation vulnerability in Floodlight SDN controller's StaticFlowEntryPusherResource.java that allows attackers to execute...

Sep 30, 2021
CVE-2020-18685
9.8

CVE-2020-18685 is an input validation vulnerability in Floodlight SDN controller that allows attackers to bypass security checks and potentially execu...

Sep 30, 2021
CVE-2021-34416
9.8

This vulnerability allows authenticated administrators of Zoom's on-premise web portal to execute arbitrary commands on the underlying system by sendi...

Sep 27, 2021
CVE-2021-37909
9.8

This vulnerability in the TSSServiSign component allows remote attackers to write arbitrary data to the Windows registry without proper permissions du...

Sep 15, 2021
CVE-2021-33199
9.8

This vulnerability in Expression Engine allows attackers to manipulate file paths through untrusted input, potentially leading to arbitrary file inclu...

Aug 12, 2021
CVE-2021-26606
9.8

This critical vulnerability in Dream Security's PKI Security Solution allows remote attackers to execute arbitrary commands on affected systems by sen...

Aug 6, 2021
CVE-2021-22444
9.8

CVE-2021-22444 is an input validation vulnerability in Huawei smartphones that allows attackers to inject and execute arbitrary code. This affects Hua...

Aug 2, 2021
CVE-2021-33527
9.8

CVE-2021-33527 is a critical input validation vulnerability in MB connect line mbDIALUP software that allows remote attackers to execute arbitrary cod...

Aug 2, 2021
CVE-2021-37595
9.8

This vulnerability in FreeRDP's Windows client allows remote code execution through improper input validation in clipboard file content requests. Atta...

Jul 30, 2021
CVE-2021-33592
9.8

CVE-2021-33592 is a critical remote code execution vulnerability in NAVER Toolbar that allows attackers to bypass code signing checks and execute arbi...

Jul 19, 2021
CVE-2021-1965
9.8

CVE-2021-1965 is a critical buffer overflow vulnerability in Qualcomm Snapdragon chipsets affecting multiple product lines. Attackers can exploit this...

Jul 13, 2021
CVE-2021-25434
9.8

This vulnerability allows attackers to execute arbitrary code on Tizen devices by exploiting improper input validation in the bootloader during wirele...

Jul 8, 2021
CVE-2021-25436
9.8

CVE-2021-25436 is an improper input validation vulnerability in Tizen's FOTA (Firmware Over-The-Air) service that allows arbitrary code execution via ...

Jul 8, 2021
CVE-2021-34427
9.8

This vulnerability allows remote attackers to execute arbitrary Java Server Pages (JSP) code on Eclipse BIRT servers by injecting malicious code throu...

Jun 25, 2021
CVE-2021-27388
9.8

This vulnerability in Siemens SINAMICS medium voltage products allows unauthenticated attackers to cause denial-of-service, execute limited configurat...

Jun 15, 2021
CVE-2021-22765
9.8

This vulnerability allows attackers to send specially crafted HTTP packets to PowerLogic EGX100 and EGX300 devices, potentially causing denial of serv...

Jun 11, 2021

About Improper Input Validation (CWE-20)

Our database tracks 1,479 CVEs classified as CWE-20, with 255 rated critical and 898 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.

External reference: CWE-20 on MITRE CWE
