Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20

CVE-2023-27488 MEDIUM

Envoy < 1.22.9 - Privilege Escalation via Non-UTF-8 HTTP Header in ext_authz Filter

CVE-2023-27487 HIGH

Envoy < 1.22.9 - Unauthenticated JWT Bypass via x-envoy-original-path Header

CVE-2023-1789 CRITICAL

firefly-iii <6.0.0 - Info Disclosure

CVE-2023-28733 HIGH

AnyMailing Joomla Plugin <8.3.0 - XSS

CVE-2023-28732 MEDIUM

AnyMailing Joomla Plugin <8.3.0 - Info Disclosure

CVE-2023-28731 CRITICAL

AcyMailing Joomla Plugin < 8.3.0 - Unauthenticated File Upload Code Execution

CVE-2023-24304 HIGH

IrfanView 4.60 - Remote Code Execution via Crafted PDF File

CVE-2023-25901 HIGH

Adobe Dimension < 3.4.7 - Arbitrary Code Execution via Malicious File

CVE-2023-25881 HIGH

Adobe Dimension < 3.4.7 - Arbitrary Code Execution via Malicious File

CVE-2023-25879 HIGH

Adobe Dimension < 3.4.7 - Remote Code Execution via Malicious File

CVE-2023-0775 MEDIUM

Silabs Gecko Software Development Kit - Denial of Service via Invalid Prepare Write Request

CVE-2023-25867 HIGH

Adobe Substance 3D Stager < 2.0.0 - Arbitrary Code Execution via Malicious File

CVE-2023-25865 HIGH

Adobe Substance 3D Stager < 2.0.0 - Arbitrary Code Execution via Malicious File

CVE-2023-25661 MEDIUM

TensorFlow < 2.11.1 - Denial of Service via Convolution3DTranspose Invalid Input

CVE-2023-20976 HIGH

Android 13 - Local Privilege Escalation via DefaultAutofillPicker Input Validation

CVE-2023-20960 HIGH

Android - Local Privilege Escalation via SettingsHomepageActivity Deep Link Intent

CVE-2023-28330 MEDIUM

moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated Arbitrary File Read via Backup Feature

CVE-2023-1289 MEDIUM

ImageMagick < 7.1.1-0 - Denial of Service via Crafted SVG File

CVE-2023-20072 HIGH

Cisco IOS XE - Unauthenticated Denial of Service via Fragmented Tunnel Protocol Packets

CVE-2023-25859 HIGH

Adobe Illustrator < 26.5.2 and <= 27.2.0 - Arbitrary Code Execution via Malicious File

CVE-2023-27984 HIGH

Schneider Electric Custom Reports < 16.0.0.23040 - Remote Code Execution via Malicious Report File

CVE-2023-27586 CRITICAL

CairoSVG < 2.7.0 - Server-Side Request Forgery via External Host Requests

CVE-2023-1250 HIGH

OTRS 6.0.1-6.0.34 and 7.0.0-7.0.41 - Local Code Execution via ACL Comment Injection

CVE-2023-28113 MEDIUM

russh <0.36.2-0.37.1 - Info Disclosure

CVE-2023-21453 MEDIUM

Samsung Android - Improper Input Validation in SoftSim TA

Previous Page 109 of 499 Next

Details

Vulnerabilities 12,467

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy