Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20

CVE-2023-25691 CRITICAL

Apache Airflow Google Provider < 8.10.0 - Improper Input Validation

CVE-2023-0869 MEDIUM

OpenNMS Horizon < 31.0.4 and Meridian < 2023.1.0 - Cross-Site Scripting in Outage List Page

CVE-2023-0868 MEDIUM

OpenNMS Horizon < 31.0.4 and Meridian < 2023.1.0 - Reflected Cross-Site Scripting in Graph Results

CVE-2023-0867 MEDIUM

OpenNMS Horizon < 31.0.4 and Meridian < 2023.1.0 - Stored and Reflected Cross-Site Scripting in Webapp JSP Pages

CVE-2023-22239 HIGH

Adobe After Effects <=23.1 and <=22.6.3 - Code Execution via Malicious File

CVE-2023-22228 HIGH

Adobe Bridge < 12.0.4 and <= 13.0.1 - Arbitrary Code Execution via Malicious File

CVE-2023-21621 HIGH

FrameMaker <2020 Update 4, <2022 - RCE

CVE-2023-21574 HIGH

Photoshop 23.0.0-23.5.3 and 24.1 - Arbitrary Code Execution via Malicious File

CVE-2023-24329 HIGH

Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse

CVE-2023-24807 HIGH

Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization

CVE-2023-23934 LOW

Werkzeug < 2.2.3 - Improper Input Validation in Cookie Parsing

CVE-2023-21818 HIGH

Windows 10 and Windows Server - Denial of Service via Secure Channel

CVE-2023-21816 HIGH

Windows Active Directory Domain Services API - DoS

CVE-2023-21685 HIGH

Microsoft WDAC OLE DB provider for SQL Server - RCE

CVE-2023-22940 MEDIUM

Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Unauthorized Data Exposure via SPL Command Aliases

CVE-2023-22939 HIGH

Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Authenticated SPL Safeguard Bypass via Map Command

CVE-2023-22937 MEDIUM

Splunk < 8.1.13 - Improper Input Validation

CVE-2023-22935 HIGH

Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Authenticated SPL Safeguard Bypass via Search Parameter

CVE-2023-22934 HIGH

Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 & Splunk Cloud < 9.0.2209.3 - Authenticated SPL Bypass via Pivot

CVE-2023-24816 MEDIUM

IPython < 8.10.0 - OS Command Injection via set_term_title Function

CVE-2023-24569 HIGH

Dell Alienware Command Center <5.5.37.0 - Privilege Escalation

CVE-2023-21451 MEDIUM

Samsung Android SECRIL - Stack-based Buffer Overflow in IpcRxEmbmsSessionList

CVE-2023-21446 MEDIUM

Samsung MyFiles <12.2.09/13.1.03.501/14.1.00.422 - Unauthenticated Data Access via Improper Input Validation

CVE-2023-21439 HIGH

Samsung Android - Improper Input Validation in UwbDataTxStatusEvent

CVE-2023-21434 MEDIUM

Samsung Galaxy Store < 4.5.49.8 - JavaScript Execution via Web Page Launch

Previous Page 112 of 499 Next

Details

Vulnerabilities 12,467

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy