Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20

CVE-2026-20240 MEDIUM

Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

CVE-2026-5946 HIGH

BIND 9.11.0-9.16.50, 9.18.0-9.18.48, 9.20.0-9.20.22, 9.21.0-9.21.21 - DoS via Non-IN DNS Message Handling

CVE-2026-8959 CRITICAL

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

CVE-2026-31378 MEDIUM

Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

CVE-2026-28751 LOW

OpenHarmony filemanagement_storage_service <=v6.0 - Local Denial of Service

CVE-2026-27891 HIGH

Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

CVE-2026-45495 HIGH

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2026-45492 MEDIUM

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2026-20685 MEDIUM

Apple Private Cloud Compute Server Software < 5E290.3 - Improper Input Validation

CVE-2026-8759 HIGH

xiandafu beetl SpELFunction SpELFunction.java expression language injection

CVE-2026-8751 HIGH

h2oai h2o-3 JAR Model.java importBinaryModel deserialization

CVE-2026-8735 MEDIUM

Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization

CVE-2026-45317 MEDIUM

Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

CVE-2026-42327 HIGH

rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

CVE-2026-8579 LOW

Google Chrome < 148.0.7778.168 - Out of Bounds Memory Write in Skia via Crafted Print File

CVE-2026-8538 MEDIUM

Google Chrome < 148.0.7778.168 - Denial of Service via GPU Input Validation

CVE-2026-8536 LOW

Google Chrome < 148.0.7778.168 - Site Isolation Bypass via ReadingMode Input Validation

CVE-2026-8528 MEDIUM

Google Chrome < 148.0.7778.168 - Site Isolation Bypass via Crafted HTML Page

CVE-2026-8527 HIGH

Google Chrome < 148.0.7778.168 - Remote Code Execution via Downloads Input Validation

CVE-2026-8516 MEDIUM

Google Chrome < 148.0.7778.168 - Information Disclosure via DataTransfer Input Validation

CVE-2026-26062 MEDIUM

Fleet server may terminate unexpectedly when handling certain gRPC requests

CVE-2026-44522 HIGH

Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

CVE-2026-20224 HIGH

Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

CVE-2026-44482 CRITICAL

soundcloud-rpc: Remote Code Execution via XSS in Track Title

CVE-2026-44425 MEDIUM

ShellHub: Crash-DoS via field injection in filter and sort-by parameters

Previous Page 11 of 497 Next

Details

Vulnerabilities 12,423

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy