CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,492)
This vulnerability in the tj-actions/branch-names GitHub Action allows attackers to execute arbitrary code by using specially crafted branch names. Th...
Dec 5, 2023

This vulnerability allows memory corruption in Qualcomm's Core system during syscall for Sectools Fuse comparison feature. Attackers could potentially...
Nov 7, 2023

This vulnerability in Qualcomm Snapdragon hypervisors allows improper memory region validation, potentially enabling attackers to map incorrect memory...
Jan 13, 2022

This vulnerability in the Alfresco Reset Password add-on allows attackers to gain administrative access by exploiting untrusted input validation flaws...
Sep 18, 2020

CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass write protection in sensitive directories like .c...
Feb 6, 2026

This vulnerability in Print Shop Pro WebDesk allows remote attackers to purchase items with negative quantities, creating financial discrepancies by m...
Jan 8, 2026

This vulnerability allows any authenticated admin user in Titra time tracking software to execute arbitrary code on the server by manipulating timeEnt...
Dec 31, 2025

This vulnerability in Weblate allows remote attackers to overwrite Git configuration settings, potentially altering Git behavior and enabling further ...
Dec 18, 2025

This CVE describes an Improper Input Validation vulnerability in Adobe ColdFusion that allows attackers to bypass security measures and gain unauthori...
Dec 10, 2025

CVE-2025-61235 is an authentication bypass vulnerability in Dataphone A920 devices where specially crafted packets with arbitrary data are accepted wi...
Oct 28, 2025

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in its Test Script feature that allow authenticated administrative users ...
Sep 19, 2025

CVE-2025-54236 is an improper input validation vulnerability in Adobe Commerce (Magento) that allows unauthenticated attackers to achieve session take...
Sep 9, 2025

CVE-2025-9287 is an improper input validation vulnerability in the cipher-base npm package that allows attackers to manipulate input data during crypt...
Aug 20, 2025

This vulnerability in MSoft MFlash allows authenticated administrators to execute arbitrary code on the server due to insufficient parameter validatio...
Aug 15, 2025

This vulnerability in SIMATIC RTLS Locating Manager allows authenticated remote attackers with high application privileges to execute arbitrary code w...
Aug 12, 2025

This CVE describes an input validation vulnerability in Apple operating systems that allows maliciously crafted files to cause unexpected app terminat...
Jul 30, 2025

This CVE describes an improper input validation vulnerability in Adobe ColdFusion that allows authenticated high-privileged attackers to execute arbit...
May 13, 2025

This vulnerability allows authenticated remote administrators on SiPass integrated access control systems to escalate privileges by injecting arbitrar...
Mar 11, 2025

This vulnerability in Vendure's asset server plugin allows attackers to perform directory traversal attacks, enabling them to read arbitrary files on ...
Oct 15, 2024

This vulnerability in SINEC NMS allows authenticated attackers to execute arbitrary operating system commands with elevated privileges by exploiting i...
Aug 13, 2024

CVE-2024-32755 is an input validation vulnerability in Johnson Controls Metasys web interface that allows attackers to submit unexpected characters, p...
Jul 2, 2024

This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated users with admin privileges to execute arbit...
Jun 13, 2024

CVE-2024-22120 is a SQL injection vulnerability in Zabbix server's audit logging functionality. Attackers can inject malicious SQL through the unsanit...
May 17, 2024

CVE-2024-25641 is an arbitrary file write vulnerability in Cacti's Package Import feature that allows authenticated users with 'Import Templates' perm...
May 14, 2024

A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Mar 20, 2024

A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to gain admin SSH acc...
Feb 13, 2024

A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitra...
Feb 13, 2024

A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary ...
Feb 13, 2024

This vulnerability allows attackers to bypass security features in .NET, .NET Framework, and Visual Studio, potentially enabling unauthorized access o...
Jan 9, 2024

TestingPlatform versions before 2.1.1 have improper input validation that allows attackers to pass arbitrary nmap options and CIDR blocks. This enable...
Nov 20, 2023

CVE-2023-5832 is an improper input validation vulnerability in the Anything-LLM software that allows attackers to execute arbitrary code or cause deni...
Oct 30, 2023

This vulnerability in Hydra (Cardano's layer-2 scalability solution) allows attackers to steal funds that users are trying to commit to Hydra heads an...
Oct 4, 2023

CVE-2022-24093 is an improper input validation vulnerability in Adobe Commerce (formerly Magento) that allows authenticated attackers to execute arbit...
Sep 12, 2023

This vulnerability in wolfSSL's TLS 1.3 implementation allows an attacker to compromise TLS session encryption when a client connects to a malicious s...
Jul 17, 2023

This vulnerability in AMD's Secure Processor bootloader allows attackers with compromised Uapp or ABL components to force the bootloader to leak sensi...
May 9, 2023

This vulnerability in AMD Secure Processor bootloader allows attackers with malicious user applications or ABL to send malformed syscalls, potentially...
May 9, 2023

This CVE describes a PHP code injection vulnerability in Checkmk's watolib auth.php and hosttags.php components. Attackers can inject and execute arbi...
Feb 20, 2023

This vulnerability allows authenticated admin users on PHOENIX CONTACT RAD-ISM-900-EN devices to execute arbitrary code with root privileges via the t...
May 11, 2022

This vulnerability in Keylime allows an attacker to bypass TPM-based hardware attestation by using mismatched attestation key (AK) and endorsement key...
May 6, 2022

CVE-2021-41945 is an improper input validation vulnerability in the httpx Python library that allows attackers to manipulate URL parsing to bypass sec...
Apr 28, 2022

This vulnerability in ovn-kubernetes allows administrators or privileged attackers to create egress network policies that bypass existing ingress poli...
Apr 20, 2022

This vulnerability in GeoWebCache allows arbitrary code execution via an unchecked JNDI lookup in the disk quota mechanism. Attackers with admin-level...
Apr 14, 2022

This directory traversal vulnerability in SteelCentral AppInternals Dynamic Sampling Agent allows attackers to read or delete arbitrary files on the s...
Mar 10, 2022

CVE-2021-37116 is a design weakness vulnerability in PCManager that allows attackers to change subscriber PINs without proper authorization. This affe...
Jan 3, 2022

CVE-2021-36025 is an improper input validation vulnerability in Adobe Magento Commerce that allows authenticated attackers with admin privileges to up...
Sep 1, 2021

This vulnerability allows attackers to cause a buffer over-read while processing invalid DL ROHC packets for decompression in Qualcomm Snapdragon chip...
Jan 21, 2021

This vulnerability in certain Huawei smartphones allows attackers to trigger memory access errors and denial of service through improper input validat...
Jan 13, 2021

This vulnerability allows attackers to rename arbitrary files on affected QNAP devices due to improper pathname restrictions. It affects QNAP devices ...
Dec 31, 2020

This vulnerability allows remote attackers to create empty databases in Odoo Community and Enterprise versions 11.0 and earlier. Attackers can then co...
Dec 22, 2020

This CVE describes a memory corruption vulnerability in Apple's kernel that allows remote attackers to cause system crashes or corrupt kernel memory. ...
Oct 22, 2020

About Improper Input Validation (CWE-20)
Our database tracks 1,492 CVEs classified as CWE-20, with 257 rated critical and 909 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.
External reference: View CWE-20 on MITRE CWE →