CWE-20: Improper Input Validation

This vulnerability in Schneider Electric PowerLogic EGX devices allows attackers to send specially crafted HTTP packets that bypass input validation, ...

Multiple vulnerabilities in Cisco SD-WAN vManage Software allow unauthenticated remote attackers to execute arbitrary code or access sensitive informa...

CVE-2021-1505 is a critical vulnerability in Cisco SD-WAN vManage software that allows unauthenticated remote attackers to execute arbitrary code or a...

Multiple vulnerabilities in Cisco SD-WAN vManage Software allow unauthenticated remote attackers to execute arbitrary code or access sensitive informa...

This vulnerability allows unauthenticated attackers with network access to VMware View Planner Harness to upload and execute arbitrary files, leading ...

CVE-2020-28870 is a critical remote code execution vulnerability in InoERP 0.7.2 that allows unauthenticated attackers to execute arbitrary code on th...

CVE-2020-36199 is a command injection vulnerability in TinyCheck security monitoring software that allows attackers to execute arbitrary commands on a...

This vulnerability allows remote attackers to execute arbitrary code on affected HMI devices by exploiting improper input validation in the Ethernet D...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Cisco Smart Software Manager Satellite systems through web...

Multiple vulnerabilities in Cisco Smart Software Manager Satellite web UI allow unauthenticated remote attackers to execute arbitrary commands on the ...

This critical vulnerability in Cisco Smart Software Manager Satellite allows unauthenticated remote attackers to execute arbitrary commands on the und...

CVE-2021-3028 is a command injection vulnerability in git-big-picture versions before 1.0.0 that allows remote code execution when processing branch n...

CVE-2020-0471 is a critical Bluetooth vulnerability in Android that allows a nearby attacker to inject packets into encrypted Bluetooth connections wi...

CVE-2016-9021 is an improper input validation vulnerability in Exponent CMS's storeController.php that allows attackers to execute arbitrary code. Thi...

CVE-2016-9023 is an improper input validation vulnerability in Exponent CMS's cron/find_help.php script that allows remote attackers to execute arbitr...

CVE-2016-9026 is an improper input validation vulnerability in Exponent CMS's fileController.php that allows attackers to execute arbitrary code on af...

CVE-2020-13942 is a critical remote code execution vulnerability in Apache Unomi that allows attackers to inject malicious OGNL or MVEL scripts throug...

This CVE describes a buffer over-read vulnerability in Bluetooth peripheral firmware across multiple Qualcomm Snapdragon platforms. Attackers can expl...

CVE-2018-19949 is a critical command injection vulnerability in QNAP QTS operating system that allows remote attackers to execute arbitrary commands o...

CVE-2019-17006 is a buffer overflow vulnerability in Network Security Services (NSS) cryptographic library due to missing length checks. This allows a...

This vulnerability allows unauthenticated remote code execution on Lenovo Cloud Networking Operating System (CNOS) devices when the optional REST API ...

CVE-2020-11805 is an incorrect UDP access control vulnerability in Pexip Reverse Proxy and TURN Server that allows unauthorized users to relay traffic...

CVE-2020-25787 is a critical vulnerability in Tiny Tiny RSS (tt-rss) that allows remote code execution due to improper URL validation. Attackers can e...

CVE-2020-0333 is an improper input validation vulnerability in Android's UrlQuerySanitizer component that allows remote code execution without user in...

This vulnerability in xmlquery library versions before 1.3.1 allows attackers to cause denial of service (SIGSEGV crash) by feeding non-XML content to...

CVE-2020-24074 is a critical buffer overflow vulnerability in the silk-v3-decoder program's decode function, which fails to properly validate input da...

This vulnerability in IBM Spectrum Protect Operations Center allows remote attackers to execute arbitrary code on affected systems due to improper inp...

CVE-2020-1025 is an authentication bypass vulnerability in Microsoft SharePoint Server and Skype for Business Server where improper OAuth token valida...

CVE-2025-12543 is a critical vulnerability in Undertow HTTP server core where improper Host header validation allows attackers to poison caches, perfo...

This vulnerability allows stored cross-site scripting (XSS) in 5ire's chatbot responses due to insufficient input sanitization. The XSS can escalate t...

SolarWinds Access Rights Manager (ARM) has a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

This vulnerability in Google Chrome allows an attacker who convinces a user to install a malicious application to potentially escape Chrome's sandbox ...

This vulnerability allows authenticated attackers with read-only administrator credentials to escalate privileges to read-write administrator access o...

This vulnerability allows authenticated remote attackers with read-only credentials to elevate privileges to administrator level on Cisco Expressway a...

This critical vulnerability in Genian NAC allows remote attackers to execute arbitrary code with SYSTEM privileges on all connected nodes through serv...

This vulnerability in Keycloak allows attackers to execute cross-site scripting (XSS) attacks that can lead to complete account takeover. The flaw exi...

CVE-2020-24374 is a DNS rebinding vulnerability in Freebox v5 routers that allows attackers to bypass same-origin policy restrictions and perform unau...

CVE-2020-24377 is a DNS rebinding vulnerability in Freebox Server web interfaces that allows attackers to bypass same-origin policy restrictions and i...

CVE-2022-24711 is an improper input validation vulnerability in CodeIgniter4 that allows attackers to execute CLI (Command Line Interface) routes via ...

This cross-site scripting vulnerability in Movary allows attackers to inject malicious scripts via the 'categoryUpdated' parameter. Users running Mova...

This cross-site scripting (XSS) vulnerability in Movary allows attackers to inject malicious scripts via the 'categoryDeleted' parameter. Users of Mov...

CVE-2026-23841 is a cross-site scripting (XSS) vulnerability in Movary web application versions prior to 0.70.0. Attackers can inject malicious script...

CVE-2025-58361 is a cross-site scripting (XSS) vulnerability in Promptcraft Forge Studio where insufficient URL validation allows attackers to inject ...

CVE-2025-29814 is an improper authorization vulnerability in Microsoft Partner Center that allows authenticated attackers to elevate privileges over a...

This vulnerability in Misskey allows attackers to create fake user profiles and forged notes that appear to originate from different instances or user...

JFrog Artifactory versions below specified security releases are vulnerable to cache poisoning due to improper input validation. This vulnerability al...

CVE-2023-28578 is a memory corruption vulnerability in Qualcomm Core Services that occurs when removing a single event listener. This allows attackers...

CVE-2024-22199 is a cross-site scripting (XSS) vulnerability in the gofiber/template package that allows attackers to execute malicious scripts in use...

Tutanota (Tuta Mail) email client versions before 3.118.12 fail to properly validate URL schemes when opening links from emails. This allows attackers...

This vulnerability in the tj-actions/branch-names GitHub Action allows attackers to execute arbitrary code by using specially crafted branch names. Th...