CWE-20: Improper Input Validation

This CVE describes a buffer overflow vulnerability in the kernel drop detection module caused by insufficient input validation. Successful exploitatio...

An authenticated attacker with sufficient privileges can create a malformed ACL selector in Redis that triggers a server panic when accessed, causing ...

An improper input validation vulnerability in certain ASUS router models allows attackers to send specially crafted input that crashes the device. Thi...

This vulnerability affects Intel FPGA products with firmware versions before 2.9.1. Improper input validation could allow attackers to cause denial of...

FreeRDP clients have an out-of-bounds read vulnerability in the RDPGFX channel that allows malicious RDP servers to read uninitialized heap memory. Th...

This vulnerability in TeamViewer DEX Client's Content Distribution Service allows attackers to redirect the service to send data to arbitrary internal...

This vulnerability affects multiple Siemens RUGGEDCOM industrial networking devices running firmware versions below V5.10.1. An authenticated remote a...

A low-privileged user without admin or power roles can craft a malicious payload in the label column field when adding a new device in the Splunk Secu...

Open Forms versions before 3.2.7 and 3.3.3 contain an input validation vulnerability where form fields marked as readonly or disabled on the client si...

This CSRF vulnerability in the Advanced Database Cleaner WordPress plugin allows unauthenticated attackers to trick administrators into changing plugi...

A reflected cross-site scripting (XSS) vulnerability in TS3 Manager versions 2.2.1 and earlier allows attackers to inject malicious scripts via server...

OpenAM contains a vulnerability where tampered SAML requests can cause the Identity Provider (IdP) to malfunction. This affects OpenAM Consortium Edit...

HCL BigFix SaaS Authentication Service contains a Cross-Site Scripting vulnerability in its image upload functionality. Attackers can upload malicious...

Frappe Learning versions 2.33.0 and below have an SVG upload vulnerability that allows attackers to upload malicious SVG files containing embedded Jav...

This vulnerability allows attackers to spoof the URL bar (Omnibox) content in Google Chrome by tricking users into visiting malicious websites. It aff...

This vulnerability in iTop 3.2.0 allows attackers to send specially crafted URLs that trigger PHP errors, causing the dashboard to crash for subsequen...

This vulnerability in Youkefu up to version 4.2.0 allows remote attackers to execute arbitrary code through insecure deserialization in the TemplateCo...

Dell ECS versions 3.8.1.4 and earlier contain an improper input validation vulnerability that allows low-privileged remote attackers to execute arbitr...

BlueCMS 1.6 contains an arbitrary file deletion vulnerability that allows attackers to delete files on the server via a crafted request to /publish.ph...

The Brizy Page Builder WordPress plugin has a CSRF vulnerability that allows attackers to trick administrators into submitting malicious forms. This a...

This vulnerability in Google Chrome's Safe Browsing feature allows attackers to bypass discretionary access controls by tricking users into performing...

This vulnerability in Intel PROSet/Wireless WiFi software allows unauthenticated attackers on the same network to potentially cause denial of service ...

An improper input validation vulnerability in Devolutions Server's Security Dashboard ignored-tasks API allows authenticated users to send crafted req...

Monitorr versions up to 1.7.6m contain an improper input validation vulnerability in the installer component. Attackers can remotely manipulate the 'd...

This vulnerability allows a privileged user with local access to potentially enable information disclosure through improper input validation in the UE...

An information disclosure vulnerability in GoldenDB database allows attackers to extract sensitive system information through error messages. Organiza...

Delta Electronics DVP15MC11T programmable logic controllers lack proper validation of Modbus/TCP packets, allowing specially crafted packets to cause ...

This vulnerability in Intel QuickAssist Technology software allows authenticated local users to escalate privileges through improper input validation....

This vulnerability in the qs library allows attackers to bypass array size limits when comma-separated parsing is enabled, creating arbitrarily large ...

This vulnerability allows attackers to bypass reverse proxy path filtering by using RFC-compliant matrix parameters in URLs. Keycloak deployments behi...

The AWS SDK for .NET vulnerability allows attackers with environment access to redirect AWS API calls to non-AWS hosts by setting invalid region value...

This vulnerability allows attackers to bypass array size limits in the qs parsing library, enabling denial-of-service attacks via memory exhaustion. A...

This vulnerability in NutzBoot's LiteRpc-Serializer component allows remote attackers to execute arbitrary code through deserialization attacks. It af...

This vulnerability in Vercel's AI SDK allows users to bypass filetype whitelists when uploading files, potentially enabling malicious file uploads. It...

This vulnerability involves memory corruption issues in Apple's operating systems that could allow a malicious HID (Human Interface Device) to cause u...

An improper input validation vulnerability in Intel oneAPI Math Kernel Library versions before 2025.2 allows local authenticated users to cause denial...

An improper input validation vulnerability in certain Intel Graphics Drivers and Intel LTS kernels allows unprivileged local users to cause denial of ...

This vulnerability in Dromara Sa-Token allows remote attackers to execute arbitrary code through insecure deserialization in the SaJdkSerializer compo...

An unprivileged process can terminate root processes on iOS and iPadOS devices due to improper input validation, causing denial-of-service. This affec...

CediPay versions before 1.2.3 contain an input validation bypass vulnerability in the transaction API. Attackers can exploit this to submit malformed ...

This vulnerability in Apache Tomcat Native and Apache Tomcat allows attackers to bypass certificate revocation checks when using OCSP responders. Impr...

This vulnerability allows attackers to bypass client certificate authentication in Apache Tomcat when multiple virtual hosts are configured with diffe...

This vulnerability in MediaWiki's API query revisions base component could allow attackers to access or manipulate revision data improperly. It affect...

This vulnerability in MediaWiki's XML API formatting component could allow attackers to execute unauthorized actions or access sensitive data. It affe...

This vulnerability in Wikimedia Foundation DiscussionTools allows attackers to execute unauthorized actions or access restricted functionality. It aff...

This CVE describes a sandbox escape vulnerability in pwn.college DOJO education platform where challenge authors could inject arbitrary JavaScript tha...

Sync Breeze Enterprise Server and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service vulnerability in their configuration restore funct...

A vulnerability in ManageIQ's API allows attackers to create malformed TimeProfile objects that cause subsequent UI and API requests to timeout, resul...

This vulnerability allows remote unauthenticated attackers to forge membership events on vulnerable Matrix homeservers, enabling them to forcibly remo...

CVE-2025-2296 is an improper input validation vulnerability in EDK2 BIOS/UEFI firmware that allows local attackers to manipulate control flow. This co...