CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,700)
This vulnerability allows attackers to create malicious OOXML files (like Excel, Word, or PowerPoint documents) with duplicate zip entries that can ca... (Apr 9, 2025)
This vulnerability allows local attackers to execute arbitrary code through unsafe deserialization in the thu-pacman chitu package. Attackers can expl... (Apr 3, 2025)
The Post Grid and Gutenberg Blocks – ComboBlocks WordPress plugin has an input validation vulnerability that allows unauthenticated attackers to cre... (Feb 22, 2025)
This vulnerability involves improper input validation in UEFI firmware for certain Intel processors, allowing a privileged user with local access to p... (Feb 12, 2025)
This vulnerability in Misskey allows attackers to manipulate 'origin' links in notes and user profiles to point to arbitrary HTTPS URLs, even on diffe... (Dec 18, 2024)
Synapse versions before 1.120.1 fail to properly validate invites received over federation, allowing a malicious server to send specially crafted invi... (Dec 3, 2024)
This vulnerability allows untrusted users to inject Contao insert tags into canonical URL tags, which are then processed and rendered on the front-end... (Sep 17, 2024)
A segmentation fault vulnerability in Samsung's Escargot JavaScript engine allows remote attackers to cause denial of service through specially crafte... (May 14, 2024)
This vulnerability in O-RAN Near-RT RIC's appmgr allows attackers to register unintended RMR message types during xApp registration, potentially disru... (May 4, 2024)
This Windows Kernel vulnerability allows local attackers to read sensitive kernel memory due to improper input validation. It affects Windows systems ... (Oct 14, 2025)
TinyEnv versions 1.0.9-1.0.10 fail to properly strip inline comments from .env file values, causing environment variables to contain unintended charac... (Sep 9, 2025)
This vulnerability in Android's BroadcastController allows malicious apps to intercept system broadcasts intended only for the Android framework due t... (Sep 4, 2025)
Emerson ValveLink products contain an input validation vulnerability (CWE-20) that could allow attackers to send malformed data to the system. This af... (Jul 11, 2025)
A deserialization vulnerability in JeecgBoot 3.9.1 allows remote attackers to execute arbitrary code by manipulating the importDocumentFromZip functio... (Feb 16, 2026)
This vulnerability in Dromara Sa-Token allows remote attackers to execute arbitrary code through insecure deserialization in the SaSerializerTemplateF... (Dec 30, 2025)
This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in tiny-rdm's pickle decoding functionality. Att... (Dec 13, 2025)
This vulnerability in Antabot White-Jotter 0.22 allows remote attackers to execute arbitrary code through deserialization of untrusted data in the Coo... (Aug 8, 2025)
This vulnerability in Cisco SD-WAN vManage Software allows authenticated remote attackers to bypass authorization checks and access restricted configu... (Nov 15, 2024)
This CVE describes an input validation vulnerability in Huawei's HDC module where parameters are not properly verified. Attackers could exploit this t... (Nov 5, 2024)
Agentgateway versions before 0.12.0 fail to sanitize input path, query, and header values when converting MCP tools/call requests to OpenAPI requests.... (Mar 6, 2026)
Adobe Experience Manager versions 6.5.23.0 and earlier contain an improper input validation vulnerability that allows high-privileged attackers to byp... (Sep 9, 2025)
An insufficient input validation vulnerability in Absolute Secure Access warehouse component allows attackers with system administrator permissions to... (Jun 12, 2025)
An improper input validation vulnerability in ZTE GoldenDB allows attackers to manipulate input data, potentially leading to unauthorized data modific... (Mar 11, 2025)
This SQL injection vulnerability in Cisco SD-WAN vManage allows authenticated attackers to execute malicious SQL queries against the database. It affe... (Nov 15, 2024)
This vulnerability allows attackers with system administrator permissions to impair the availability of certain elements of the Secure Access administ... (Jun 20, 2024)
This CVE describes an improper input validation vulnerability in BlueSpice's CognitiveProcessDesigner extension that allows cross-site scripting (XSS)... (Sep 19, 2025)
A directory traversal vulnerability in ingress-nginx's Admission Controller allows attackers to manipulate filenames to access files outside intended ... (Mar 25, 2025)
Concrete CMS versions 9.0.0 through 9.3.9 contain a stored cross-site scripting (XSS) vulnerability in the 'Add Folder' functionality. A rogue adminis... (Mar 10, 2025)
This vulnerability allows high-privilege WordPress users (like administrators) to inject malicious scripts into Text Block options in the Email Subscr... (Jan 13, 2025)
This PHP vulnerability allows attackers to perform HTTP request smuggling when using streams with proxy configurations and the 'request_fulluri' optio... (Nov 24, 2024)
This vulnerability in Cisco Finesse's web management interface allows an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS... (Jun 5, 2024)
This vulnerability in PluXml's Media Management Module allows remote attackers to execute arbitrary code through deserialization of manipulated file a... (Jan 2, 2026)
This CVE describes a stack-based buffer overflow vulnerability in Redis's redis-check-aof tool, affecting versions 7.0.0 to 8.0.1. It allows an attack... (May 29, 2025)
A deserialization vulnerability in elunez eladmin's file upload function allows remote attackers to manipulate server arguments. This affects eladmin ... (Mar 27, 2025)
This vulnerability in b1gMail allows remote attackers to perform deserialization attacks via the query/q parameter in the admin users.php file. It aff... (Feb 27, 2025)
A remote deserialization vulnerability exists in westboy CicadasCMS 1.0's Template Management component at /system. Attackers can exploit this to exec... (Feb 22, 2025)
This vulnerability in RuoYi up to version 4.8.0 allows remote attackers to execute arbitrary code through deserialization in the getBeanName function ... (Jan 27, 2025)
This vulnerability in Docker's RUN --mount instruction allows attackers to bypass input validation and mount arbitrary host directories into container... (Oct 1, 2024)
An improper input validation vulnerability in Intel PROSet/Wireless WiFi software for Linux allows unauthenticated attackers on the same network to po... (May 16, 2024)
This vulnerability in Cisco Data Center Network Manager (DCNM) allows authenticated remote attackers to perform path traversal attacks via a specific ... (Nov 18, 2024)
This vulnerability allows a network-adjacent attacker with administrative access to send specially crafted HTTP requests to the TP-Link Archer BE230 r... (Feb 3, 2026)
This vulnerability involves improper input validation (CWE-20) that could allow attackers to submit malicious data to affected systems. The specific i... (Nov 17, 2025)
This vulnerability in Intel CIP software allows unprivileged software combined with a privileged user to potentially disclose information via improper... (Nov 11, 2025)
This CVE describes an improper input validation vulnerability in Intel VTune Profiler that allows authenticated local users to escalate privileges. At... (Nov 11, 2025)
This CVE describes a buffer overflow vulnerability in the kernel drop detection module caused by insufficient input validation. Successful exploitatio... (Aug 6, 2025)
An authenticated attacker with sufficient privileges can create a malformed ACL selector in Redis that triggers a server panic when accessed, causing ... (Jan 6, 2025)
An improper input validation vulnerability in certain ASUS router models allows attackers to send specially crafted input that crashes the device. Thi... (Dec 4, 2024)
This vulnerability affects Intel FPGA products with firmware versions before 2.9.1. Improper input validation could allow attackers to cause denial of... (May 16, 2024)
FreeRDP clients have an out-of-bounds read vulnerability in the RDPGFX channel that allows malicious RDP servers to read uninitialized heap memory. Th... (Feb 25, 2026)
This vulnerability in TeamViewer DEX Client's Content Distribution Service allows attackers to redirect the service to send data to arbitrary internal... (Dec 11, 2025)
About Improper Input Validation (CWE-20)
Our database tracks 1,700 CVEs classified as CWE-20, with 344 rated critical and 1,031 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.