CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,497)
CVE-2019-11857 is an input validation vulnerability in AceManager of Sierra Wireless ALEOS that allows attackers to access sensitive system informatio... (Aug 21, 2020)
Coolify versions before v4.0.0-beta.420.6 contain a stored XSS vulnerability where authenticated users can inject malicious JavaScript into project na... (Aug 27, 2025)
This vulnerability allows command injection in the mintupload package for Linux Mint through shell metacharacters in service names. An authenticated u... (May 19, 2024)
An improper input validation vulnerability in JFrog Artifactory allows low-privileged users to escalate privileges to administrative access. This affe... (May 1, 2024)
This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows attackers to execute arbitrary code on the underlying file... (Apr 10, 2024)
This vulnerability is a heap overflow in the AV1 video codec library (libaom) that occurs when increasing video frame resolution during multi-threaded... (Dec 27, 2023)
This vulnerability allows memory corruption in Qualcomm's Diag handler when processing commands to configure event listeners. Attackers could potentia... (Nov 7, 2023)
This vulnerability allows remote attackers to execute arbitrary commands on MariaDB Galera cluster nodes through command injection in the wsrep_sst_me... (May 27, 2021)
CVE-2021-21388 is a command injection vulnerability in the systeminformation npm library that allows attackers to execute arbitrary commands on affect... (Apr 29, 2021)
This CVE allows attackers to inject malicious configuration into ingress-nginx via the auth-proxy-set-headers annotation, potentially leading to arbit... (Feb 6, 2026)
FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensit... (Feb 4, 2026)
FacturaScripts contains a critical SQL injection vulnerability in its REST API that allows authenticated API users to execute arbitrary SQL queries th... (Feb 4, 2026)
This vulnerability in ingress-nginx allows attackers to inject malicious configuration via the auth-method annotation, leading to arbitrary code execu... (Feb 3, 2026)
This CVE describes a configuration injection vulnerability in ingress-nginx where attackers can inject malicious nginx configuration through the `rule... (Feb 3, 2026)
This Cross-Site Request Forgery vulnerability in the EZCast Pro II admin interface allows attackers to trick authenticated administrators into executi... (Jan 27, 2026)
A heap buffer overflow vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function allows attackers to execute arbitrary code or cause denial... (Jan 24, 2026)
CVE-2026-24406 is a heap buffer overflow vulnerability in iccDEV's CIccTagNamedColor2::SetSize() function that allows attackers to execute arbitrary c... (Jan 24, 2026)
A heap buffer overflow vulnerability in iccDEV's CIccMpeCalculator::Read() function allows attackers to execute arbitrary code or cause denial of serv... (Jan 24, 2026)
A heap-buffer-overflow vulnerability in iccDEV's CIccCLUT::Init() function allows attackers to execute arbitrary code or cause denial of service by pr... (Jan 8, 2026)
A heap-buffer-overflow vulnerability in iccDEV's SIccCalcOp::Describe() function allows attackers to execute arbitrary code or cause denial of service... (Jan 7, 2026)
A type confusion vulnerability in iccDEV's SIccCalcOp::ArgsPushed() function allows attackers to potentially execute arbitrary code or cause denial of... (Jan 7, 2026)
A type confusion vulnerability in iccDEV's ToXmlCurve() function allows attackers to potentially execute arbitrary code or cause denial of service by ... (Jan 7, 2026)
CVE-2026-21693 is a type confusion vulnerability in iccDEV's CIccSegmentedCurveXml::ToXml() function that could allow memory corruption when processin... (Jan 7, 2026)
A heap-buffer-overflow vulnerability in iccDEV's CIccProfileXml::ParseBasic() function allows attackers to execute arbitrary code or cause denial of s... (Jan 7, 2026)
A type confusion vulnerability in iccDEV's CIccEvalCompare::EvaluateProfile() function allows attackers to execute arbitrary code or cause denial of s... (Jan 7, 2026)
CVE-2026-21682 is a heap buffer overflow vulnerability in iccDEV's CIccXmlArrayType::ParseText() function that allows attackers to execute arbitrary c... (Jan 7, 2026)
CVE-2026-21679 is a heap buffer overflow vulnerability in iccDEV's CIccLocalizedUnicode::GetText() function that could allow attackers to execute arbi... (Jan 7, 2026)
An improper input validation vulnerability in Eaton xComfort ECI's web interface allows attackers with network access to execute privileged commands. ... (Dec 23, 2025)
This vulnerability in FreshRSS allows unprivileged users to perform path traversal via the language configuration parameter, enabling them to access i... (Dec 16, 2025)
This vulnerability allows attackers to bypass file integrity validation in TeamViewer DEX Client's Content Distribution Service by providing a valid h... (Dec 11, 2025)
This vulnerability allows attackers to reset passwords for any user account in OrangeHRM, including administrative accounts, by exploiting a flaw in t... (Nov 29, 2025)
A memory corruption vulnerability in vLLM's Completions API endpoint allows attackers to send malicious prompt embeddings that bypass bounds checks an... (Nov 21, 2025)
This SQL injection vulnerability in Digi On-Prem Manager's API allows authenticated attackers to execute arbitrary SQL commands. Organizations using D... (Nov 17, 2025)
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of the Visual Studio Code CoPilot Chat Ext... (Nov 11, 2025)
This CVE describes an improper input validation vulnerability in Intel QuickAssist Technology (QAT) that allows authenticated local users to escalate ... (Nov 11, 2025)
An improper input validation vulnerability in Intel CIP software allows authenticated attackers to escalate privileges via network access without user... (Nov 11, 2025)
This vulnerability allows attackers with direct network access to the NETGEAR DGN2200v4 router to potentially execute arbitrary code on the device due... (Nov 11, 2025)
This vulnerability allows remote attackers to execute arbitrary code on affected Chrome browsers through insufficient input validation in Devtools. Us... (Nov 8, 2025)
An authenticated user in Apache DolphinScheduler can exploit improper input validation in alert script functionality to execute arbitrary shell comman... (Sep 3, 2025)
Coolify versions before v4.0.0-beta.420.7 contain a command injection vulnerability in the Git Repository field during project creation. Authenticated... (Aug 27, 2025)
CVE-2025-8876 is an OS command injection vulnerability in N-able N-central management software caused by improper input validation. Attackers can exec... (Aug 14, 2025)
An improper input validation vulnerability in Intel 800 Series Ethernet kernel-mode drivers allows authenticated local users to potentially escalate p... (Aug 12, 2025)
SuiteCRM versions 7.14.6 and 8.8.0 contain an insecure deserialization vulnerability where user input is passed directly to PHP's unserialize() functi... (Aug 7, 2025)
This vulnerability in Google Chrome's ANGLE and GPU components allows insufficient input validation, enabling a remote attacker to potentially escape ... (Jul 15, 2025)
A path traversal vulnerability in Google Web Designer allows attackers to achieve remote code execution by tricking users into opening malicious ad te... (Jun 12, 2025)
Ericsson RAN Compute and Site Controller 6610 contains an improper input validation vulnerability that could allow attackers to execute arbitrary code... (May 22, 2025)
This vulnerability allows an authorized attacker to exploit improper input validation in Windows Kerberos to elevate privileges over a network. Attack... (Apr 8, 2025)
This vulnerability allows attackers to escalate privileges in Google Chrome on Android through a crafted HTML page. It affects users running Chrome on... (Apr 2, 2025)
This vulnerability in Frappe framework allows authenticated system users to create documents in a specific way that leads to remote code execution. It... (Mar 25, 2025)
This vulnerability allows attackers to inject malicious configuration into ingress-nginx via the auth-url annotation, leading to arbitrary code execut... (Mar 25, 2025)
About Improper Input Validation (CWE-20)
Our database tracks 1,497 CVEs classified as CWE-20, with 258 rated critical and 913 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.