Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20

CVE-2023-36888 MEDIUM

Microsoft Edge Chromium < 114.0.1823.82 - Tampering

CVE-2023-3434 MEDIUM

Jami 20222284 - Denial of Service via Hyperlink Interpretation

CVE-2023-3433 MEDIUM

Jami - Local Denial of Service via Nickname Field Special Character Injection

CVE-2023-30559 MEDIUM

BD Alaris 8015 PCU Firmware < 12.1.3 - Unauthenticated Firmware Update Package Tampering

CVE-2023-29457 MEDIUM

Zabbix Frontend 4.0.0-4.0.44 - Reflected Cross-Site Scripting via Action Form Fields

CVE-2023-29456 MEDIUM

Zabbix Frontend 4.0.0-4.0.45 - Improper Input Validation in URL Validation Scheme

CVE-2023-29455 MEDIUM

Zabbix Frontend 4.0.0-4.0.44 - Reflected Cross-Site Scripting

CVE-2023-29454 MEDIUM

Zabbix Frontend 4.0.0-4.0.44 - Stored Cross-Site Scripting

CVE-2023-29452 MEDIUM

Zabbix 6.0.0-6.0.16 - Stored Cross-Site Scripting in Geomap Attribution Text

CVE-2023-29451 MEDIUM

Zabbix - Denial of Service via JSON Parser Buffer Overrun

CVE-2023-37415 HIGH

Apache Airflow Apache Hive Provider < 6.1.2 - OS Command Injection via Proxy User Option

CVE-2023-21251 HIGH

Android - Local Privilege Escalation via ConfirmDialog Input Validation Bypass

CVE-2023-37948 LOW

Jenkins Oracle Cloud Infrastructure Compute Plugin < 1.0.17 - Man-in-the-Middle via Unvalidated SSH Host Keys

CVE-2023-22888 MEDIUM

Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter

CVE-2023-36872 MEDIUM

VP9 Video Extensions - Info Disclosure

CVE-2023-35367 CRITICAL

Windows Routing and Remote Access Service - Remote Code Execution

CVE-2023-35366 CRITICAL

Windows RRAS - Remote Code Execution via Improper Input Validation

CVE-2023-35365 CRITICAL

Windows Routing and Remote Access Service - Remote Code Execution

CVE-2023-35336 MEDIUM

Windows 10 1507-22H2, Windows 11 21H2-22H2, Windows Server 2012-2022 - Security Feature Bypass in MSHTML Platform

CVE-2023-35306 MEDIUM

Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Information Disclosure via PostScript and PCL6 Printer Driver

CVE-2023-35303 HIGH

Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Remote Code Execution in USB Audio Class System Driver

CVE-2023-32057 CRITICAL

Microsoft Windows MSMQ - Remote Code Execution via Improper Input Validation

CVE-2023-32037 MEDIUM

Windows Layer-2 Bridge - Info Disclosure

CVE-2023-22835 HIGH

Palantir Foundry Issues < 2.510.0 and Foundry Frontend < 6.228.0 - Denial of Service via Malformed Issue Data

CVE-2023-30449 HIGH

IBM Db2 10.5, 11.1, 11.5 - Denial of Service via Crafted Query

Previous Page 100 of 499 Next

Details

Vulnerabilities 12,467

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy