CWE-20: Improper Input Validation

This vulnerability allows attackers on the same network to send specially crafted MMS protocol packets that cause a denial-of-service condition, forci...

A vulnerability in mx-chain-go (MultiversX blockchain implementation) allows invalid cross-shard transactions with incorrect usernames to cause the me...

CVE-2022-4904 is a stack buffer overflow vulnerability in the c-ares DNS library's ares_set_sortlist function. Attackers can trigger denial of service...

This vulnerability allows remote unauthenticated attackers to cause a denial-of-service condition in affected Mitsubishi Electric MELSEC iQ-F series P...

An unauthenticated remote attacker can cause a denial of service (DoS) by sending a crafted HTTPS request to Cisco ASA or FTD devices with web service...

CVE-2021-33012 allows remote, unauthenticated attackers to send specially crafted commands that cause Rockwell Automation MicroLogix 1100 PLCs to faul...

An improper input validation vulnerability in Salesforce Tableau Server allows attackers to perform absolute path traversal through the tabdoc API's c...

This vulnerability in Apache CloudStack allows attackers who can register templates to deploy malicious instances on KVM-based environments, potential...

Apache CloudStack has a vulnerability where users can upload malicious KVM-compatible templates or volumes that bypass validation checks. This allows ...

This vulnerability allows local attackers to execute privileged activities on Samsung devices due to improper input validation in the Duo component. I...

This vulnerability allows local attackers to bypass input validation in Samsung's RegisteredMSISDN component, enabling them to execute privileged acti...

This vulnerability allows local attackers to bypass input validation in SCEPProfile on Samsung devices, enabling them to execute privileged activities...

This vulnerability allows local attackers to bypass security restrictions and execute privileged activities on Samsung devices due to improper input v...

This vulnerability allows attackers to launch unauthorized activities on Samsung devices due to improper input validation in the UwbDataTxStatusEvent ...

This vulnerability in Samsung's CACertificateInfo component allows attackers to bypass certificate validation, potentially enabling malicious activiti...

This vulnerability in Samsung's KfaOptions component allows attackers to launch unauthorized activities due to improper input validation. It affects S...

This vulnerability in Samsung's RemoteViews component allows attackers to launch unauthorized activities on affected devices due to improper input val...

This vulnerability in Samsung's SemSuspendDialogInfo component allows attackers to bypass validation checks and launch unauthorized activities on affe...

This vulnerability in Samsung's MediaMonitorEvent component allows attackers to launch unauthorized activities due to improper input validation. It af...

This vulnerability in Samsung's SemBlurInfo component allows attackers to launch unauthorized activities on affected devices due to improper input val...

CVE-2021-35223 is a remote code execution vulnerability in SolarWinds Serv-U File Server where user-supplied parameters in audit command execution can...

This CVE describes an improper input validation vulnerability in Adobe ColdFusion that allows high-privileged attackers to execute arbitrary code with...

This macOS vulnerability allows applications to escape their sandbox restrictions due to improper input validation. It affects macOS Ventura, Sequoia,...

This CVE describes a permission verification bypass vulnerability in Huawei's notification module that allows attackers to bypass intended access cont...

This CVE-2024-56134 is an OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary operating sys...

This CVE-2024-56135 is an authenticated OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary...

An authenticated user can execute arbitrary operating system commands on Progress LoadMaster due to improper input validation. This affects LoadMaster...

This CVE-2024-56132 is an OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary commands on t...

This CVE-2024-56133 is an authenticated OS command injection vulnerability in Progress LoadMaster load balancers. It allows authenticated users to exe...

This vulnerability allows memory corruption in Qualcomm camera drivers when taking snapshots with specific offset variables. Attackers could potential...

This vulnerability in Samsung Exynos processors allows attackers to execute arbitrary code by exploiting improper validation of native handles. It aff...

CVE-2023-28291 is a remote code execution vulnerability in Microsoft's Raw Image Extension that allows attackers to execute arbitrary code by tricking...

This vulnerability allows an unauthenticated attacker with local access to a system to escalate privileges by exploiting improper input validation in ...

This vulnerability in Qualcomm Snapdragon chipsets allows potential out-of-bounds memory access due to insufficient validation of page offsets before ...

This vulnerability allows attackers to trigger integer and heap overflows by sending specially crafted beacon template update commands to affected Qua...

CVE-2020-11237 is a memory corruption vulnerability in Qualcomm Snapdragon chipsets where lack of validation of histogram definition data before acces...

This vulnerability in NVIDIA DGX H100 BMC's web UI allows improper input validation, potentially enabling attackers to execute arbitrary code, escalat...

CVE-2023-3466 is a reflected cross-site scripting (XSS) vulnerability in Citrix ADC and Citrix Gateway that allows attackers to inject malicious scrip...

This vulnerability in Bosch IP cameras allows attackers to inject arbitrary HTTP headers through specially crafted URLs due to improper input validati...

The Jenkins Git Parameter Plugin vulnerability allows attackers with Item/Build permission to inject arbitrary values into Git parameters by bypassing...

This vulnerability allows authenticated local administrators on SiPass integrated access control systems to escalate privileges by injecting arbitrary...

This UEFI firmware vulnerability in certain Intel processors allows privileged users to escalate privileges through improper input validation. Attacke...

This vulnerability allows locally authenticated attackers to exploit a System Management Mode (SMM) callout in AMD's CPM Display Feature driver to ove...

This vulnerability in spatie/browsershot allows attackers to bypass file URI scheme validation by omitting slashes in file paths, potentially enabling...

This vulnerability in Intel CIP software allows a privileged user with local access to potentially escalate privileges through improper input validati...

This vulnerability allows a privileged user with local access to Intel Server Board S2600ST systems to potentially escalate privileges through imprope...

This vulnerability allows authenticated users on Azure Stack Hub to elevate their privileges beyond their assigned permissions. It affects organizatio...

This vulnerability allows a privileged user with local access to exploit improper input validation in Intel Server Board S2600ST Family firmware kerne...

Apache Traffic Server versions 8.0.0-8.1.10 and 9.0.0-9.2.4 have a vulnerability where specially crafted Accept-Encoding headers can bypass cache look...

Spring Cloud Function framework versions 4.0.0-4.0.7 and 4.1.0-4.1.1 are vulnerable to denial-of-service attacks when using the Web module. Attackers ...