The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,423 vulnerabilities with CWE-20
CVE-2026-49095
MEDIUM
Improper Input Validation in Kibana Fleet Leading to Privilege Escalation
CVSS 6.5
CVE-2026-30760
HIGH
SourceBans Material Admin < 1.1.6 - Arbitrary User Data Manipulation via XAJAX Call
CVSS 7.3
CVE-2026-45076
LOW
Synapse pagination denial of service
CVSS 2.7
CVE-2026-45137
HIGH
Anchor: Program<'info, System> is not properly validated
CVSS 8.2
CVE-2026-5509
HIGH
Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200
CVSS 7.2
CVE-2026-42553
HIGH
Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker
CVE-2026-44325
HIGH
free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)
CVSS 7.5
CVE-2026-44319
HIGH
free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
CVSS 7.5
CVE-2026-42459
HIGH
free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
CVSS 7.5
CVE-2026-48922
HIGH
Jenkins Credentials Binding Plugin < 720.v3f6decef43ea_ - Remote Code Execution
CVSS 7.5
CVE-2026-24195
HIGH
Nvidia Guest Driver - Improper Input Validation
CVSS 7.1
CVE-2026-45721
CRITICAL
Algernon: handler.lua discovery walks parent directories above the server root
CVSS 9.0
CVE-2026-43935
HIGH
e107: Host Header Injection in e107 password reset enables phishing
CVSS 8.1
CVE-2026-9521
HIGH
fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input
CVSS 7.3
CVE-2026-9497
MEDIUM
changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization
CVSS 6.3
CVE-2026-40411
CRITICAL
Azure Virtual Network Gateway Remote Code Execution Vulnerability
CVSS 9.9
CVE-2026-26147
HIGH
Azure Stack HCI Information Disclosure Vulnerability
CVSS 7.7
CVE-2026-3294
HIGH
Authentication Logic Vulnerability on Multiple TP-Link Range Extenders
CVSS 8.8
CVE-2026-34207
HIGH
TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Validation
CVSS 7.6
CVE-2026-44417
HIGH
Apache CXF JMS Configuration - Remote Code Execution
CVSS 7.5
CVE-2026-34910
CRITICAL
Ubiquiti INC UniFi OS Server - Improper Input Validation
CVSS 10.0
CVE-2026-33000
CRITICAL
Ubiquiti INC UniFi OS Server < 5.0.8 - Improper Input Validation
CVSS 9.1
CVE-2026-9157
HIGH
Remote Code Execution in Gmission Web FAX
CVSS 8.4
CVE-2026-9124
MEDIUM
Google Chrome < 148.0.7778.179 - Cross-Origin Data Leak via Input Validation Bypass
CVSS 5.3
CVE-2026-39850
HIGH
Yii 2: Local file inclusion via view parameter name collision
CVSS 7.4
Details
Vulnerabilities
12,423
Exploit Likelihood
High