CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely.
All Improper Input Validation CVEs (1,511)
Mar 31, 2022: This vulnerability allows authenticated attackers with OpenVPN configuration privileges to execute arbitrary commands on pfSense firewalls due to impr...
Feb 9, 2022: This vulnerability in Intel PROSet/Wireless WiFi UEFI firmware allows an unauthenticated attacker on the same network to potentially escalate privileg...
Feb 9, 2022: This vulnerability in Intel PROSet/Wireless and Killer Wi-Fi software allows an unauthenticated attacker on the same network to potentially escalate p...
Feb 4, 2022: This vulnerability in EcoStruxure Power Monitoring Expert allows unauthenticated attackers to exploit improper input validation. Attackers can view da...
Jan 28, 2022: This vulnerability allows remote code execution through improper input validation in Schneider Electric's EcoStruxure Power Monitoring Expert software...
Jan 26, 2022: IBM Security Guardium Insights 3.0 contains an improper input validation vulnerability that allows authenticated users to perform unauthorized actions...
Jan 10, 2022: CVE-2021-21408 is a vulnerability in Smarty PHP template engine that allows template authors to execute restricted static PHP methods, potentially lea...
Dec 23, 2021: This vulnerability in Google Chrome allowed malicious extensions to bypass navigation restrictions, enabling attackers to redirect users to malicious ...
Dec 14, 2021: CVE-2021-38182 is an input validation vulnerability in Kyma that allows authenticated users to escalate privileges by manipulating headers. This can l...
Nov 17, 2021: This vulnerability allows an unauthenticated attacker on the same network to exploit improper input validation in Intel PROSet/Wireless WiFi firmware ...
Nov 5, 2021: CVE-2021-43406 is an input validation vulnerability in FusionPBX where the fax_post_size parameter accepts risky characters instead of being constrain...
Nov 2, 2021: CVE-2017-5123 is a Linux kernel vulnerability in the waitid system call that allows insufficient data validation, enabling local privilege escalation....
Oct 19, 2021: CVE-2021-31372 is an improper input validation vulnerability in Juniper Networks Junos OS J-Web interface that allows locally authenticated attackers ...
Sep 21, 2021: CVE-2021-39230 is a kernel vulnerability in Butter system utility that allows attackers to exploit improper input validation (CWE-20) to potentially e...
Sep 20, 2021: This vulnerability in Kubernetes allows authenticated users to create containers with subpath volume mounts that can escape the intended volume bounda...
Sep 7, 2021: CVE-2020-7865 is an improper input validation vulnerability in ExECM CoreB2B solution that allows unauthenticated attackers to download and execute ar...
Jul 20, 2021: This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of XPLATFORM's ActiveX component. Atta...
Jul 15, 2021: CVE-2021-0278 is an improper input validation vulnerability in Juniper Networks Junos OS J-Web interface that allows locally authenticated users to es...
Jun 11, 2021: CVE-2021-25682 is a vulnerability in Apport's get_pid_info() function that improperly parses /proc/pid/status files, potentially allowing local privil...
Jun 11, 2021: CVE-2021-25684 is a vulnerability in Ubuntu's Apport crash reporting system where improper handling of FIFO (named pipe) files could allow local attac...
Jun 9, 2021: This vulnerability allows an unauthenticated attacker with adjacent network access to exploit improper input validation in the BMC firmware of Intel S...
Apr 2, 2021: This vulnerability allows arbitrary JavaScript code execution when processing malicious URLs due to improper input validation. It affects Apple iOS, i...
Mar 24, 2021: CVE-2020-7839 is a command injection vulnerability in MaEPSBroker versions 2.5.0.31 and earlier. Attackers can execute arbitrary commands on affected ...
Jan 20, 2021: This vulnerability allows authenticated remote attackers to bypass authorization in Cisco SD-WAN vManage Software's web interface, enabling unauthoriz...
Jan 20, 2021: This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges on affected Cisco SD-WAN devices. Attackers could...
Jan 20, 2021: CVE-2021-1302 allows authenticated remote attackers to bypass authorization in Cisco SD-WAN vManage's web interface, enabling unauthorized configurati...
Jan 15, 2021: This vulnerability allows an attacker to crash the Routing Protocol Daemon (RPD) service on Juniper Junos OS devices by sending a malformed RSVP packe...
Apr 13, 2021: This vulnerability allows authenticated attackers to delete arbitrary files on systems running vulnerable versions of Eaton Intelligent Power Manager ...
Jan 22, 2026: CVE-2025-27378 is a SQL injection vulnerability in AES software where an inactive configuration prevents proper SQL parsing. Attackers can exploit thi...
Jan 13, 2026: Adobe Dreamweaver versions 21.6 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a user opens ...
Jan 13, 2026: CVE-2026-21271 is an Improper Input Validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier that allows arbitrary code executi...
Jan 13, 2026: Adobe Dreamweaver versions 21.6 and earlier contain an improper input validation vulnerability that allows arbitrary file system writes when a user op...
Dec 1, 2025: A buffer overflow vulnerability in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9 allows unauthenticated attackers to send ...
May 7, 2025: An out-of-bounds array access vulnerability in Cisco's TWAMP server implementation allows unauthenticated remote attackers to cause device reloads (Do...
Apr 8, 2025: This vulnerability allows a local attacker to bypass Windows Security Zone Mapping through improper input validation. Attackers could potentially elev...
Mar 12, 2025: An unauthenticated remote attacker can cause denial of service on affected Cisco routers by sending crafted IPv4 multicast packets to line cards with ...
Mar 12, 2025: This vulnerability in Cisco IOS XR Software allows unauthenticated remote attackers to cause line card resets by sending crafted IPv4 packets to inter...
Feb 5, 2025: CVE-2025-1026 is a local file inclusion vulnerability in spatie/browsershot PHP package versions before 5.0.5. Attackers can bypass URL validation in ...
Jan 21, 2025: This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in newer Lexmark devices' Web Services feature. It allows attackers to make the ...
Dec 20, 2024: This vulnerability in the spatie/browsershot PHP package allows attackers to bypass URL validation and read arbitrary local files using the view-sourc...
Dec 20, 2024: This vulnerability in Huawei products involves insufficient input validation that could allow attackers to cause service disruption. It affects Huawei...
Sep 26, 2024: CVE-2024-47175 is a vulnerability in CUPS libppd where the ppdCreatePPDFromIPP2 function fails to sanitize IPP attributes when creating PPD buffers. T...
Apr 15, 2024: A malformed fragmented packet can cause a major nonrecoverable fault in Rockwell Automation industrial controllers, rendering them unavailable and req...
Mar 27, 2024: An unauthenticated remote attacker can send specially crafted IPv4 packets to Cisco Access Points, causing them to crash and reload, resulting in deni...
Mar 27, 2024: This vulnerability in the Cargo extension for MediaWiki involves improper handling of backticks in the smartSplit function, potentially allowing attac...
Mar 15, 2024: This vulnerability in Zephyr OS allows IP packets with source or destination addresses of 127.0.0.1 (localhost) to be processed when arriving on exter...
Mar 8, 2024: This CVE describes a sandbox escape vulnerability in Apple operating systems that allows malicious applications to break out of their security sandbox...
Feb 23, 2024: This vulnerability allows unauthenticated attackers to send specially crafted network packets to Intel Ethernet Adapters and Controller I225 Manageabi...
Feb 9, 2024: This vulnerability allows downstream clients to bypass external authentication in Envoy proxy by forcing invalid gRPC requests to the ext_authz servic...
Jan 30, 2024: CVE-2024-1019 is a WAF bypass vulnerability in ModSecurity v3 that allows attackers to hide malicious payloads in URL paths by using percent-encoded c...
About Improper Input Validation (CWE-20)
Our database tracks 1,511 CVEs classified as CWE-20, with 263 rated critical and 922 rated high severity. The average CVSS score for Improper Input Validation vulnerabilities is 7.7.
External reference: CWE-20 on MITRE CWE.