CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20
CVE-2022-40276 MEDIUM
Zettlr 2.3.0 - Arbitrary Local File Disclosure via Malicious Markdown File
CVSS 5.5
CVE-2022-40235 MEDIUM
IBM InfoSphere Information Server 11.7 - Denial of Service via Job Input Validation
CVSS 6.5
CVE-2022-3675 LOW
Fedora CoreOS >=36.20220820.3.0 <37.20221031.1.0 - Unauthenticated OSTree Deployment Boot Bypass
CVSS 2.6
CVE-2022-39376 LOW
GLPI 0.65-10.0.3 - Improper Input Validation in Mailto Link Custom Fields
CVSS 2.6
CVE-2022-3181 HIGH
Trihedral VTScada < 12.0.38 - Denial of Service via Malformed HTTP Request
CVSS 7.5
CVE-2022-39353 CRITICAL
xmldom < 0.6.0 and 0.7.0-0.7.6 - Improper Validation of Consistency within Input
CVSS 9.4
CVE-2022-3661 MEDIUM
Google Chrome < 107.0.5304.62 - Cross-Origin Data Leak via Crafted Extension
CVSS 4.3
CVE-2022-3656 HIGH
Google Chrome < 107.0.5304.62 - File System Restriction Bypass via Crafted HTML Page
CVSS 8.8
CVE-2022-42800 HIGH
iPadOS < 15.7.1 - Remote Code Execution
CVSS 7.8
CVE-2022-3444 MEDIUM
Chrome < 106.0.5249.62 - File System Restriction Bypass via File System API
CVSS 4.3
CVE-2022-22658 MEDIUM
iPhone OS < 16.0.3 - Denial of Service via Maliciously Crafted Email Message
CVSS 6.5
CVE-2022-25885 HIGH
muhammara < 2.6.0 - Denial of Service via PDFStreamForResponse
CVSS 7.5
CVE-2022-39017 HIGH
M-Files Hubshare < 3.3.10.9 - Authenticated Stored Cross-Site Scripting via Comment Fields
CVSS 8.2
CVE-2022-39016 HIGH
M-Files Hubshare < 3.3.10.9 - Authenticated Account Takeover via PDF JavaScript Injection
CVSS 8.2
CVE-2022-28763 HIGH
Zoom Client for Meetings <5.12.2 - SSRF
CVSS 8.8
CVE-2022-0073 HIGH
OpenLiteSpeed 1.7.0-1.7.16 - Command Injection via Improper Input Validation
CVSS 8.8
CVE-2022-3095 CRITICAL
Dart <2.18-Flutter <3.30 - Auth Bypass
CVSS 9.8
CVE-2022-39361 HIGH
Metabase 0.41.0-0.41.8 - Remote Code Execution via H2 Database DDL Statements
CVSS 8.8
CVE-2022-42468 CRITICAL
Apache Flume 1.4.0-1.10.1 - Remote Code Execution via JMS Source ProviderURL
CVSS 9.8
CVE-2022-20822 HIGH
Cisco Identity Services Engine - Authenticated Path Traversal and Arbitrary File Deletion via Web Interface
CVSS 7.1
CVE-2022-33178 HIGH
Brocade Fabric OS < 9.0.0 - Remote Code Execution via Radius Authentication
CVSS 7.2
CVE-2022-39312 CRITICAL
Dataease < 1.15.2 - Remote Code Execution via Mysql JDBC Deserialization
CVSS 9.8
CVE-2022-38435 HIGH
Adobe Illustrator <26.4, 25.4.7 - RCE
CVSS 7.8
CVE-2022-3676 MEDIUM
Eclipse Openj9 < 0.35.0 - Type Confusion via Interface Call Inlining
CVSS 6.5
CVE-2022-39259 LOW
jadx < 1.4.5 - Denial of Service via HTML Sequences in Zip Files
CVSS 3.3