CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,716)
This vulnerability in Apache Tomcat Native and Apache Tomcat allows attackers to bypass certificate revocation checks when using OCSP responders. Impr...
Feb 17, 2026

This vulnerability allows attackers to bypass client certificate authentication in Apache Tomcat when multiple virtual hosts are configured with diffe...
Feb 17, 2026

This vulnerability in MediaWiki's API query revisions base component could allow attackers to access or manipulate revision data improperly. It affect...
Feb 3, 2026

This vulnerability in MediaWiki's XML API formatting component could allow attackers to execute unauthorized actions or access sensitive data. It affe...
Feb 3, 2026

This vulnerability in Wikimedia Foundation DiscussionTools allows attackers to execute unauthorized actions or access restricted functionality. It aff...
Feb 3, 2026

This CVE describes a sandbox escape vulnerability in pwn.college DOJO education platform where challenge authors could inject arbitrary JavaScript tha...
Jan 29, 2026

Sync Breeze Enterprise Server and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service vulnerability in their configuration restore funct...
Jan 28, 2026

A vulnerability in ManageIQ's API allows attackers to create malformed TimeProfile objects that cause subsequent UI and API requests to timeout, resul...
Jan 21, 2026

This vulnerability allows remote unauthenticated attackers to forge membership events on vulnerable Matrix homeservers, enabling them to forcibly remo...
Dec 23, 2025

CVE-2025-2296 is an improper input validation vulnerability in EDK2 BIOS/UEFI firmware that allows local attackers to manipulate control flow. This co...
Dec 9, 2025

A Looker vulnerability allows users with Developer roles to execute malicious commands by manipulating LookML when creating IBM DB2 database connectio...
Nov 24, 2025

A Looker user with Developer role can exploit a Denodo driver vulnerability by manipulating LookML to execute malicious commands. This affects both Lo...
Nov 24, 2025

An improper input validation vulnerability in TP-Link TL-WR940N V6 routers' UPnP modules allows unauthenticated attackers on the same network to perfo...
Nov 20, 2025

This SQL injection vulnerability in BEIMS Contractor Web allows unauthenticated attackers to execute arbitrary SQL commands through the contractor.asp...
Nov 17, 2025

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client that allows attackers on adjacent networks to crash client systems...
Nov 4, 2025

This CVE describes an arbitrary code execution vulnerability in QOS.CH logback-core versions up to 1.5.18. Attackers can exploit conditional configura...
Oct 1, 2025

About Improper Input Validation (CWE-20)
Our database tracks 1,716 CVEs classified as CWE-20, with 348 rated critical and 1,043 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.8.
External reference: View CWE-20 on MITRE CWE →