Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20

CVE-2026-8391 MEDIUM

Firefox < 150.0.3 - Memory Corruption in JavaScript Engine

CVE-2026-45393 HIGH

Cribl Edge < 4.17.1 - Improper Input Validation

CVE-2026-45392 HIGH

Cribl Stream < 4.17.1 - Improper Input Validation

CVE-2026-45391 HIGH

Cribl Edge < 4.17.1 - Improper Input Validation

CVE-2026-43899 CRITICAL

DeepChat < 1.0.4-beta.1 Markdown Links - Remote Code Execution

CVE-2026-28936 HIGH

iOS/iPadOS <18.7.9, macOS <14.8.7, visionOS <26.5 - DoS via Malicious File

CVE-2026-28917 MEDIUM

iOS and iPadOS < 18.7.9 and < 26.5 - Denial of Service via Malicious Web Content

CVE-2026-28907 HIGH

iOS and iPadOS < 18.7.9 and < 26.5 - Content Security Policy Bypass via Malicious Web Content

CVE-2026-28860 HIGH

iOS and iPadOS < 18.7.7 - Local Keychain State Modification via Improper Input Validation

CVE-2026-44658 LOW

Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation

CVE-2026-43895 MEDIUM

jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

CVE-2026-31251 HIGH

CosyVoice thru 6e01309 - Deserialization

CVE-2026-42613 CRITICAL

Grav: Privilege Escalation via Missing Server-Side Validation of groups/access

CVE-2026-34086 LOW

AbuseFilter misuses ::userCanBitfield, exposing access-controlled information

CVE-2026-42301 HIGH

Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

CVE-2026-44337 MEDIUM

PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

CVE-2026-44336 CRITICAL

PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

CVE-2026-43944 CRITICAL

electerm: dangerous code can be run through links or command line

CVE-2026-42261 HIGH

PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

CVE-2026-33844 CRITICAL

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

CVE-2026-6973 HIGH KEV

Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution

CVE-2026-41654 HIGH

Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

CVE-2026-33589 MEDIUM

Open Notebook File Upload - Path Traversal Arbitrary File Read

CVE-2026-33588 HIGH

Open Notebook < 1.8.3 - Path Traversal via File Upload

CVE-2026-33587 CRITICAL

Open Notebook Transformations - Server-Side Template Injection RCE

Previous Page 13 of 497 Next

Details

Vulnerabilities 12,423

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy