CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.

Total CVEs: 1,663
Critical: 321
High: 1,017
Avg CVSS: 7.8
In CISA KEV: 5

Yearly Trend

2026: 149
2025: 427
2024: 314
2023: 243
2022: 143

Top Affected Vendors

1 Microsoft 104
2 Google 88
3 Cisco 72
4 Intel 62
5 Qualcomm 49
6 Apache 47
7 Adobe 42
8 Huawei 42
9 Apple 40
10 Color 40

All Improper Input Validation CVEs (1,663)

CVE-2025-8963
6.3

A remote deserialization vulnerability exists in jeecgboot JimuReport up to version 2.1.1, specifically in the Data Large Screen Template component's ...

Aug 14, 2025
CVE-2025-8266
6.3

This critical vulnerability in ChanCMS allows remote attackers to execute arbitrary code through deserialization of untrusted data in the getArticle f...

Jul 28, 2025
CVE-2025-5497
6.3

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in phpwcms's Feedimport module. Attacke...

Jun 3, 2025
CVE-2025-3590
6.3

CVE-2025-3590 is a critical remote deserialization vulnerability in Adianti Framework up to version 8.0. Attackers can exploit this to execute arbitra...

Apr 14, 2025
CVE-2025-2690
6.3

This critical vulnerability in Yii2 PHP framework allows remote attackers to execute arbitrary code through insecure deserialization in the phpunit mo...

Mar 24, 2025
CVE-2025-2622
6.3

A critical deserialization vulnerability in aizuda snail-job 1.4.0 allows remote attackers to execute arbitrary code by manipulating the nodeExpressio...

Mar 22, 2025
CVE-2024-38311
6.3

Apache Traffic Server has an improper input validation vulnerability that could allow attackers to cause denial of service or potentially execute arbi...

Mar 6, 2025
CVE-2025-1186
6.3

This critical vulnerability in XunRuiCMS allows remote attackers to execute arbitrary code through deserialization of the 'thumb' parameter in the Api...

Feb 12, 2025
CVE-2025-1113
6.3

This critical vulnerability in tarzan-cms allows remote attackers to execute arbitrary code through insecure deserialization in the theme upload funct...

Feb 7, 2025
CVE-2024-13136
6.3

This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in the rememberMeManager function of mysiteforme...

Jan 5, 2025
CVE-2024-12138
6.3

A critical deserialization vulnerability in horilla up to version 1.2.1 allows remote attackers to execute arbitrary code by manipulating specific fun...

Dec 4, 2024
CVE-2024-45871
6.3

BandiView 7.05 contains an incorrect access control vulnerability in the sub_0x232bd8 function that allows attackers to cause denial of service. This ...

Oct 3, 2024
CVE-2025-71011
6.2

An input validation vulnerability in OneFlow's tensor creation functions allows attackers to trigger a Denial of Service (DoS) by providing specially ...

Jan 29, 2026
CVE-2025-68964
6.2

A data verification vulnerability in the HiView module could allow attackers to disrupt system availability by sending malformed data. This affects Hu...

Jan 14, 2026
CVE-2025-61822
6.2

This CVE describes an Improper Input Validation vulnerability in Adobe ColdFusion that allows attackers to write arbitrary files to the file system wi...

Dec 10, 2025
CVE-2025-54614
6.2

This CVE describes an input validation vulnerability in Huawei's home screen module that could allow attackers to disrupt device functionality. Succes...

Aug 6, 2025
CVE-2025-29955
6.2

An improper input validation vulnerability in Windows Hyper-V allows local attackers to cause denial of service conditions. This affects systems runni...

May 13, 2025
CVE-2024-54101
6.2

A denial-of-service vulnerability in Huawei's installation module allows attackers to disrupt system availability by exploiting improper input validat...

Dec 12, 2024
CVE-2026-24348
6.1

Multiple cross-site scripting vulnerabilities in the Admin UI of EZCast Pro II allow attackers to inject and execute arbitrary JavaScript code in othe...

Jan 27, 2026
CVE-2025-68970
6.1

This CVE describes a permission verification bypass vulnerability in the media library module that allows unauthorized access to protected media conte...

Jan 14, 2026
CVE-2026-21503
6.1

This vulnerability in iccDEV allows attackers to trigger undefined behavior by exploiting a null pointer passed to memcpy() in CIccTagSparseMatrixArra...

Jan 7, 2026
CVE-2025-67163
6.1

A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to inject malicious scripts into the Forum Name par...

Dec 18, 2025
CVE-2025-67170
6.1

A reflected cross-site scripting vulnerability in RiteCMS v3.1.0 allows attackers to inject malicious scripts via crafted URLs. When users click malic...

Dec 17, 2025
CVE-2025-63785
6.1

A DOM-based XSS vulnerability in Onlook web application 0.2.32 allows attackers to inject malicious scripts through the text editor feature. When user...

Nov 7, 2025
CVE-2025-12284
6.1

This vulnerability in BLU-IC2 and BLU-IC4 web interfaces allows attackers to submit malicious input due to insufficient validation. It affects all ver...

Oct 26, 2025
CVE-2025-12001
6.1

This vulnerability allows attackers to inject malicious scripts into application manifests, which could lead to stored cross-site scripting (XSS) atta...

Oct 20, 2025
CVE-2025-27131
6.1

This CVE describes an improper input validation vulnerability in OpenHarmony that allows a local attacker to cause a denial of service (DoS) condition...

Jun 8, 2025
CVE-2024-39606
6.1

This vulnerability allows an unauthenticated attacker on the same network segment to potentially cause denial of service by sending specially crafted ...

Feb 12, 2025
CVE-2024-37027
6.1

This vulnerability in Intel VTune Profiler allows authenticated users with local access to potentially cause denial of service through improper input ...

Nov 13, 2024
CVE-2024-5913
6.1

An improper input validation vulnerability in Palo Alto Networks PAN-OS software allows attackers with physical file system access to elevate privileg...

Jul 10, 2024
CVE-2024-32990
6.1

This CVE describes a permission verification vulnerability in Huawei's system sharing pop-up module. Successful exploitation could allow attackers to ...

May 14, 2024
CVE-2023-47855
6.0

This vulnerability in Intel TDX module software allows a privileged user with local access to potentially escalate privileges due to improper input va...

May 16, 2024
CVE-2025-47888
5.9

The Jenkins DingTalk Plugin 2.7.3 and earlier disables SSL/TLS certificate validation for DingTalk webhook connections, allowing man-in-the-middle att...

May 14, 2025
CVE-2024-9042
5.9

This CVE describes a vulnerability in Kubernetes Windows worker nodes where improper input validation (CWE-20) could allow an attacker to disrupt node...

Mar 13, 2025
CVE-2025-21350
5.9

This Windows Kerberos vulnerability allows attackers to cause a denial of service by sending specially crafted requests to affected systems. It affect...

Feb 11, 2025
CVE-2024-49753
5.9

This vulnerability in Zitadel identity infrastructure software allows attackers to bypass URL validation restrictions and send requests to localhost (...

Oct 25, 2024
CVE-2023-48368
5.9

This vulnerability in Intel Media SDK allows authenticated local users to trigger a denial of service condition through improper input validation. It ...

May 16, 2024
CVE-2025-12718
5.8

The Quick Contact Form WordPress plugin contains an open mail relay vulnerability that allows unauthenticated attackers to send emails with arbitrary ...

Jan 17, 2026
CVE-2025-33043
5.8

This CVE describes an improper input validation vulnerability in AMI APTIOV BIOS firmware. An attacker with local access can exploit this to potential...

May 29, 2025
CVE-2025-20183
5.8

This vulnerability allows unauthenticated remote attackers to bypass the antivirus scanner on Cisco Secure Web Appliance by sending crafted HTTP range...

Feb 5, 2025
CVE-2025-23041
5.8

Umbraco.Forms has a vulnerability where character limits for form fields are only enforced client-side, not server-side. This allows attackers to bypa...

Jan 14, 2025
CVE-2024-38483
5.8

Dell BIOS contains an improper input validation vulnerability in an externally developed component that allows a high-privileged attacker with local a...

Aug 14, 2024
CVE-2023-22662
5.8

This vulnerability in UEFI firmware for certain Intel Server Board S2600BP products allows a privileged user with local access to trigger denial of se...

May 16, 2024
CVE-2019-0715
5.8

This vulnerability allows a privileged attacker on a Hyper-V guest virtual machine to crash the host server by sending specially crafted network packe...

Aug 14, 2019
CVE-2019-0717
5.8

A denial-of-service vulnerability in Microsoft Hyper-V Network Switch allows a privileged attacker on a guest virtual machine to crash the host server...

Aug 14, 2019
CVE-2025-33191
5.7

This vulnerability in NVIDIA DGX Spark GB10's OSROOT firmware allows attackers to trigger invalid memory reads, potentially causing denial of service....

Nov 25, 2025
CVE-2024-28049
5.7

This vulnerability allows an unauthenticated attacker on the same network to cause denial of service by sending specially crafted packets to affected ...

Nov 13, 2024
CVE-2025-24512
5.6

An improper input validation vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows an authenticated attacker with local access and s...

Nov 11, 2025
CVE-2025-11938
5.6

A deserialization vulnerability in ChurchCRM's setup.php file allows remote attackers to potentially execute arbitrary code by manipulating DB_PASSWOR...

Oct 19, 2025
CVE-2025-7099
5.6

This vulnerability in BoyunCMS allows remote attackers to execute arbitrary code through deserialization of untrusted data in the installation handler...

Jul 7, 2025

About Improper Input Validation (CWE-20)

Our database tracks 1,663 CVEs classified as CWE-20, with 321 rated critical and 1,017 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.
