CWE-20: Improper Input Validation

This vulnerability allows attackers to inject malicious configuration into ingress-nginx via the auth-url annotation, leading to arbitrary code execut...

This vulnerability in ingress-nginx allows attackers to inject arbitrary nginx configuration via the 'mirror-target' and 'mirror-host' annotations, po...

CVE-2025-1097 is a critical vulnerability in ingress-nginx where the auth-tls-match-cn annotation can be exploited to inject malicious configuration i...

This vulnerability in AMI APTIOV BIOS allows a local attacker to exploit improper input validation, potentially leading to arbitrary memory overwrites...

This vulnerability allows memory corruption when configuring a hypervisor-based input virtual device, potentially enabling arbitrary code execution or...

This vulnerability in AMD's NPU driver allows attackers to execute arbitrary code by exploiting improper input validation. It affects systems with vul...

This vulnerability in AMD's NPU driver allows attackers to execute arbitrary code by exploiting improper input validation. It affects systems with AMD...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by sending sp...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by sending sp...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by sending sp...

This vulnerability in Google Chrome's updater allows remote attackers to escalate privileges by tricking users into opening malicious files. It affect...

This vulnerability allows attackers to spoof the Windows Remote Desktop Licensing Service, potentially enabling them to intercept or manipulate licens...

This CVE describes an elevation of privilege vulnerability in Microsoft SQL Server where an authenticated attacker could execute arbitrary code with e...

CVE-2024-38811 is a code execution vulnerability in VMware Fusion where attackers with standard user privileges can exploit an insecure environment va...

This vulnerability allows attackers with permission to create Ingress objects to bypass annotation validation and execute arbitrary commands, potentia...

This vulnerability in TCBServiSign Windows software allows unauthenticated remote attackers to execute arbitrary commands on affected systems. Attacke...

This vulnerability in Google Chrome DevTools allows remote attackers to execute arbitrary code by tricking users into performing specific UI gestures ...

SeaCMS 12.9 contains a remote code execution vulnerability in admin_weixin.php where unvalidated user input is directly written to weixin.php. Authent...

SeaCMS 12.9 has a remote code execution vulnerability in admin_config_mark.php that allows authenticated attackers to inject arbitrary code into inc_p...

This vulnerability allows remote code execution on systems running vulnerable versions of Microsoft Outlook. An attacker could exploit this by sending...

CVE-2024-30040 is a security feature bypass vulnerability in the Windows MSHTML platform that could allow an attacker to circumvent security protectio...

CVE-2024-2746 is an incomplete fix for CVE-2024-1929 in dnf5's D-Bus daemon that allows local unprivileged users to pass arbitrary configuration param...

Dell Repository Manager versions before 3.4.5 contain a path traversal vulnerability in the API module. A local attacker with low privileges can explo...

This vulnerability in Microsoft's Django Backend for SQL Server allows remote attackers to execute arbitrary code on affected systems. It affects appl...

CVE-2024-21625 is a remote code execution vulnerability in SideQuest desktop application where malicious deep links (sidequest://) can execute arbitra...

This vulnerability allows authenticated users in Apache DolphinScheduler to execute arbitrary JavaScript code on the server without sandbox restrictio...

Apache OpenOffice documents can contain malicious links that execute internal macros with arbitrary arguments without user approval. This allows arbit...

CVE-2023-47107 is a host header injection vulnerability in PILOS that allows attackers to manipulate password reset URLs to point to malicious servers...

This vulnerability in Apache UIMA Java SDK allows arbitrary code execution through deserialization of untrusted data. Attackers can exploit it by send...

This vulnerability allows users with pod creation permissions on Windows nodes running kubernetes-csi-proxy to escalate privileges to admin/root level...

This vulnerability allows authenticated users who can create pods on Windows nodes in Kubernetes clusters to escalate privileges to administrator leve...

This vulnerability allows attackers to bypass path sanitization in ingress-nginx by using the log_format directive, potentially enabling path traversa...

CVE-2023-39357 is a SQL injection vulnerability in Cacti's sql_save function that allows authenticated users to execute arbitrary SQL commands. This c...

This vulnerability in Tenda AC23 routers allows authenticated attackers to execute arbitrary code via stack overflow in IPv6 and WAN parameter functio...

CVE-2023-40801 is a stack overflow vulnerability in Tenda AC23 routers caused by improper input validation in the sub_451784 function. Attackers can e...

This vulnerability in Google Chrome allows attackers to bypass file access restrictions through malicious XML input in crafted HTML pages. It affects ...

The Directorist WordPress plugin up to version 7.5.4 contains an authentication bypass vulnerability that allows authenticated attackers with subscrib...

This vulnerability in AMD's ABL (AGESA Boot Loader) allows a privileged attacker to corrupt ASP (AMD Secure Processor) memory through insufficient inp...

This vulnerability allows a privileged attacker to bypass syscall input validation in AMD's ASP Bootloader, enabling arbitrary DMA copies that can lea...

Lenovo Smart Clock Essential with Alexa Built In devices have a default password vulnerability that allows attackers on the same local network to gain...

CVE-2022-47192 allows remote attackers to upload a modified backup file containing a manipulated 'users.json' to Generex UPS CS141 web servers. This e...

This vulnerability allows remote attackers on the same network to execute arbitrary code on Comfast CF-WR6110N routers via HTTP POST requests due to i...

This vulnerability allows remote attackers to execute arbitrary shell commands on Bosch Ethernet switch PRA-ES8P2S devices through command injection i...

CVE-2022-1727 is an improper input validation vulnerability in draw.io diagramming software that allows attackers to execute arbitrary code by trickin...

This vulnerability allows remote attackers to execute arbitrary code on InHand Networks InRouter302 devices by exploiting improper input validation in...

This path traversal vulnerability in Splunk Enterprise allows attackers to inject arbitrary content into web pages or bypass SPL command safeguards. I...

This vulnerability allows authenticated attackers with OpenVPN configuration privileges to execute arbitrary commands on pfSense firewalls due to impr...

This vulnerability in Intel PROSet/Wireless WiFi UEFI firmware allows an unauthenticated attacker on the same network to potentially escalate privileg...

This vulnerability in Intel PROSet/Wireless and Killer Wi-Fi software allows an unauthenticated attacker on the same network to potentially escalate p...

This vulnerability in EcoStruxure Power Monitoring Expert allows unauthenticated attackers to exploit improper input validation. Attackers can view da...