CWE-20: Improper Input Validation

This vulnerability allows unauthenticated remote attackers to bypass the antivirus scanner on Cisco Secure Web Appliance by sending crafted HTTP range...

Umbraco.Forms has a vulnerability where character limits for form fields are only enforced client-side, not server-side. This allows attackers to bypa...

Dell BIOS contains an improper input validation vulnerability in an externally developed component that allows a high-privileged attacker with local a...

This vulnerability in UEFI firmware for certain Intel Server Board S2600BP products allows a privileged user with local access to trigger denial of se...

This vulnerability allows a privileged attacker on a Hyper-V guest virtual machine to crash the host server by sending specially crafted network packe...

A denial-of-service vulnerability in Microsoft Hyper-V Network Switch allows a privileged attacker on a guest virtual machine to crash the host server...

This vulnerability in NVIDIA DGX Spark GB10's OSROOT firmware allows attackers to trigger invalid memory reads, potentially causing denial of service....

This vulnerability allows an unauthenticated attacker on the same network to cause denial of service by sending specially crafted packets to affected ...

An improper input validation vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows an authenticated attacker with local access and s...

A deserialization vulnerability in ChurchCRM's setup.php file allows remote attackers to potentially execute arbitrary code by manipulating DB_PASSWOR...

This vulnerability in BoyunCMS allows remote attackers to execute arbitrary code through deserialization of untrusted data in the installation handler...

The Cato Networks Windows SDP Client allows low-privileged users to install local root certificates, potentially enabling man-in-the-middle attacks or...

This CVE describes an unauthenticated file upload vulnerability in OpenText iManager 3.2.6.0200. Attackers can upload arbitrary files without authenti...

This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in funadmin's AuthCloudService.php. Attackers ca...

This CVE describes an environment variable handling vulnerability in Apple operating systems that could allow malicious apps to access sensitive user ...

This vulnerability in Microsoft Office Excel allows an attacker to exploit improper input validation to access sensitive information from the local sy...

A vulnerability in CPUID CPU-Z's kernel driver allows attackers to read sensitive kernel memory through unvalidated IOCTL requests. This affects all u...

CVE-2026-21501 is a stack overflow vulnerability in iccDEV's calculator parser that could allow attackers to execute arbitrary code or cause denial of...

CVE-2026-21502 is a NULL pointer dereference vulnerability in iccDEV's XML tag parser that can cause application crashes or denial of service. This af...

CVE-2026-21505 is an undefined behavior vulnerability in iccDEV color management libraries caused by an invalid enum value. This could potentially lea...

This CVE describes a null pointer dereference vulnerability in iccDEV's CIccProfileXml::ParseBasic() function that can cause denial of service. Attack...

A division by zero vulnerability exists in iccDEV's TIFF Image Reader component, which could cause application crashes or denial of service when proce...

CVE-2026-21496 is a NULL pointer dereference vulnerability in iccDEV's signature parser that can cause denial of service. This affects applications us...

A NULL pointer dereference vulnerability in iccDEV's unknown tag parser allows attackers to cause denial of service by crashing applications using the...

A NULL pointer dereference vulnerability exists in iccDEV's XML calculator parser before version 2.3.1.2. This vulnerability could cause application c...

CVE-2026-21499 is a NULL pointer dereference vulnerability in iccDEV's XML parser that can cause application crashes or denial of service. This affect...

CVE-2026-21500 is a stack overflow vulnerability in iccDEV's XML calculator macro expansion that could allow attackers to execute arbitrary code or ca...

This CVE describes an input validation vulnerability in macOS that allows an app to cause denial-of-service conditions. The issue affects macOS Tahoe,...

This vulnerability in Android's graphics subsystem allows local information disclosure without requiring user interaction or elevated privileges. It a...

This CVE describes an improper input validation vulnerability in Android that allows local attackers to cause permanent denial of service and potentia...

A stored cross-site scripting (XSS) vulnerability in Directus allows authenticated users with file upload and edit permissions to inject malicious Jav...

This CVE describes a Gatekeeper bypass vulnerability in macOS that allows malicious applications to circumvent security checks. The vulnerability affe...

This vulnerability in Xcode allows an attacker to cause a denial-of-service by providing an overly large path value, which crashes the process. It aff...

This CVE describes an input validation vulnerability in macOS that could allow malicious applications to access sensitive user data. The vulnerability...

This CVE describes an improper input validation vulnerability in Android's AppOpsService that allows local attackers to add excessive app operations, ...

This vulnerability in Android's AppOpsService allows local attackers to cause permanent denial of service through improper input validation in the col...

This vulnerability in Intel Tiber Edge Platform's Edge Orchestrator allows authenticated users to potentially escalate privileges through adjacent net...

A critical deserialization vulnerability in Xorbits Inference allows attackers to execute arbitrary code by manipulating the load function in the cosy...

Adobe InDesign has an improper input validation vulnerability that allows attackers to cause denial-of-service by crashing the application. Users must...

This vulnerability in Windows Virtual Trusted Platform Module allows attackers to cause a denial of service by sending specially crafted requests. It ...

This vulnerability allows attackers to bypass access permission checks in the camera driver module, potentially causing denial of service. It affects ...

This CVE describes an access permission verification vulnerability in Huawei's WMS module that could allow unauthorized access to sensitive informatio...

A local attacker with CLI access can crash the 802.1X authentication daemon on vulnerable Juniper Junos OS devices by running a specific operational c...

A local privilege escalation vulnerability in Juniper Junos OS Evolved allows low-privileged users to crash the Packet Forwarding Engine by running a ...

This CVE describes an environment variable validation vulnerability in Apple operating systems that could allow malicious applications to access sensi...

CVE-2026-26952 is a stored HTML injection vulnerability in Pi-hole Admin Interface versions 6.4 and below. Authenticated administrators can inject mal...

Group-Office versions 6.8.148 and below, and 25.0.1 through 25.0.79 have a stored XSS vulnerability where unsanitized filenames are stored in the data...

This vulnerability allows remote attackers to bypass Chrome's dangerous file type protections on Windows systems. Attackers can trick users into downl...

A type confusion vulnerability in iccDEV's CIccTag::IsTypeCompressed() function allows attackers to potentially execute arbitrary code or cause denial...

This CVE describes an XML validation vulnerability in unspecified products that could allow cross-site scripting (XSS) attacks. Attackers could inject...