Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1286

CWE-1286

Improper Validation of Syntactic Correctness of Input

Parent: CWE-20 - Improper Input Validation

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

79 vulnerabilities with CWE-1286

CVE-2026-50131 HIGH

Fedify validatePublicUrl - Special-Use IPv4 Server-Side Request Forgery Bypass

CVE-2026-24092 HIGH

Qualcomm Snapdragon Display - Fastboot Display Mode Memory Corruption

CVE-2026-24091 HIGH

Qualcomm Snapdragon Display - Fastboot Input Validation Memory Corruption

CVE-2026-24089 HIGH

Qualcomm Snapdragon Kernel - Fastboot Invalid Input Memory Corruption

CVE-2026-24087 HIGH

Qualcomm Snapdragon Kernel - Fastboot OEM Command Memory Corruption

CVE-2026-10099 MEDIUM

XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

CVE-2026-7307 HIGH

Keycloak: keycloak: denial of service via specially crafted saml input

CVE-2026-0983 HIGH

M-Files Server Before 26.5.16015.0 - Authenticated Denial of Service

CVE-2026-6442 HIGH

Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface

CVE-2026-40198 HIGH

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass

CVE-2026-33778 HIGH

Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes

CVE-2026-34835 MEDIUM

Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

CVE-2026-20114 MEDIUM

Cisco IOS XE Software <16.11.1 - Privilege Escalation

CVE-2026-3632 LOW

Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames

CVE-2026-21527 MEDIUM

Microsoft Exchange Server - Info Disclosure

CVE-2026-25513 HIGH

FacturaScripts < 2025.81 - Authenticated SQL Injection via REST API Sort Parameter

CVE-2026-0663 MEDIUM

M-Files Server < 26.1.15632.3 - Authenticated Denial of Service via API Endpoint

CVE-2026-21917 HIGH

Juniper Junos OS SRX Series - Unauthenticated Denial of Service via Malformed SSL Packet

CVE-2025-8873 HIGH

Arista EOS Dataplane Denial of Service via Malformed IPsec Packet

CVE-2025-13995 MEDIUM

IBM QRadar SIEM Information Disclosure

CVE-2025-59785 HIGH

2N Access Commander <3.4.2 - Auth Bypass

CVE-2025-13327 MEDIUM

uv - Code Injection

CVE-2025-67492 MEDIUM

Weblate < 5.15 - Unauthenticated Repository Update Trigger via Webhook Payload

CVE-2025-13033 HIGH

Nodemailer <=7.0.7 - Quoted Recipient Address Email Misdirection

CVE-2025-41719 HIGH

Webserver <unknown> - Memory Corruption

Page 1 of 4 Next

Details

Vulnerabilities 79

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy