CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20
CVE-2026-28201 HIGH
SurrealDB Injection on Open Notebook
CVSS 7.8
CVE-2026-41890 MEDIUM
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess
CVE-2026-41670 HIGH
Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest
CVSS 8.2
CVE-2026-8013 MEDIUM
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via FedCM Input Validation
CVSS 4.3
CVE-2026-8010 MEDIUM
Google Chrome < 148.0.7778.96 - Site Isolation Bypass via Crafted HTML Page
CVSS 6.3
CVE-2026-8007 HIGH
Google Chrome < 148.0.7778.96 - Privilege Escalation via Cast Input Validation
CVSS 7.5
CVE-2026-8005 MEDIUM
Google Chrome < 148.0.7778.96 - Same Origin Policy Bypass via Cast
CVSS 4.3
CVE-2026-8003 MEDIUM
Google Chrome < 148.0.7778.96 - UI Spoofing via TabGroups Input Validation
CVSS 5.4
CVE-2026-8000 HIGH
Google Chrome < 148.0.7778.96 - Remote Code Execution via Crafted HTML Page
CVSS 8.8
CVE-2026-7998 MEDIUM
Google Chrome < 148.0.7778.96 - UI Spoofing via Dialog Input Validation
CVSS 5.4
CVE-2026-7997 HIGH
Google Chrome < 148.0.7778.96 - Local Privilege Escalation via Updater Input Validation
CVSS 7.8
CVE-2026-7996 MEDIUM
Google Chrome < 148.0.7778.96 - UI Spoofing via SSL Input Validation
CVSS 4.2
CVE-2026-7993 MEDIUM
Google Chrome < 148.0.7778.96 - Omnibox Spoofing via Crafted HTML Page
CVSS 4.2
CVE-2026-7992 HIGH
Google Chrome < 148.0.7778.96 - Remote Code Execution via Crafted HTML Page
CVSS 8.8
CVE-2026-7990 HIGH
Google Chrome < 148.0.7778.96 - Local Privilege Escalation via Updater Input Validation
CVSS 7.8
CVE-2026-7989 MEDIUM
Google Chrome < 148.0.7778.96 - Arbitrary Read/Write via DataTransfer
CVSS 4.2
CVE-2026-7968 LOW
Google Chrome < 148.0.7778.96 - Same Origin Policy Bypass via CORS Input Validation
CVSS 3.1
CVE-2026-7967 HIGH
Google Chrome < 148.0.7778.96 - Sandbox Escape via Navigation Input Validation Flaw
CVSS 8.3
CVE-2026-7966 LOW
Google Chrome < 148.0.7778.96 - Site Isolation Bypass via Crafted HTML Page
CVSS 3.1
CVE-2026-7965 LOW
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via DevTools Input Validation
CVSS 3.1
CVE-2026-7964 MEDIUM
Google Chrome < 148.0.7778.96 - Arbitrary Read/Write via FileSystem Input Validation
CVSS 4.2
CVE-2026-7962 MEDIUM
Google Chrome < 148.0.7778.96 - Arbitrary Read/Write via DirectSockets Policy Bypass
CVSS 5.4
CVE-2026-7961 MEDIUM
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via Malicious Network Traffic
CVSS 4.3
CVE-2026-7953 MEDIUM
Google Chrome < 148.0.7778.96 - Universal Cross-Site Scripting via Omnibox Input Validation
CVSS 6.1
CVE-2026-7947 MEDIUM
Google Chrome < 148.0.7778.96 - UI Spoofing via Crafted HTML Page
CVSS 4.2
Details
Vulnerabilities 12,423
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits