Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,470 vulnerabilities with CWE-20

CVE-2021-41561 HIGH

Apache Parquet-MR 1.9.0-1.11.1 and 1.12.0 - Denial of Service via Malicious Parquet File

CVE-2021-45105 MEDIUM

Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup

CVE-2021-37863 LOW

Mattermost < 6.0 - Authenticated Denial of Service via Malicious Post Creation

CVE-2021-1021 HIGH

Android 12 - Local Privilege Escalation via Notification Snooze Input Validation

CVE-2021-1020 HIGH

Android 12 - Local Privilege Escalation via NotificationListenerService Snooze Notification

CVE-2021-0933 HIGH

Android - Remote Escalation of Privilege via Bluetooth Pairing Dialog HTML Injection

CVE-2021-0928 HIGH

Android - Local Privilege Escalation via OutputConfiguration Parcel Deserialization

CVE-2021-0921 HIGH

Android 11 - Local Privilege Escalation via ParsingPackageImpl Deserialization

CVE-2021-4117 MEDIUM

Yetiforce CRM < 6.3.0 - Business Logic Error

CVE-2021-20330 MEDIUM

MongoDB <4.0.27, <4.2.16, <4.4.9 - DoS

CVE-2021-4111 MEDIUM

Yetiforce CRM < 6.3.0 - Business Logic Errors

CVE-2021-41844 CRITICAL

Crocoblock JetEngine < 2.9.1 - Improper Input Validation

CVE-2021-42070 LOW

SAP 3D Visual Enterprise Viewer 9.0 - Denial of Service via Malformed Jupiter Tessellation File

CVE-2021-42068 LOW

SAP 3D Visual Enterprise Viewer 9.0 - Denial of Service via Malicious GIF File

CVE-2021-38182 HIGH

Kyma < 1.24.7 - Authenticated Privilege Escalation via Header Injection

CVE-2021-39932 MEDIUM

GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature

CVE-2021-44228 CRITICAL KEV

Log4Shell HTTP Header Injection

CVE-2021-43803 HIGH

Next.js 11.1.0-11.1.2 and 12.0.0-12.0.4 - Denial of Service via Malformed URL

CVE-2021-43802 CRITICAL

Etherpad <1.8.16 - Privilege Escalation

CVE-2021-23862 HIGH

Bosch Video Management System < 9.0 - Authenticated OS Command Injection via Configuration Packet

CVE-2021-37039 MEDIUM

HarmonyOS < 2.0 - Bluetooth Denial of Service via Input Verification Vulnerability

CVE-2021-25520 MEDIUM

Samsung Internet < 16.0.2 - Unauthenticated Script Execution via SearchKeyword Deeplink

CVE-2021-25517 HIGH

LDFW <SMR Dec-2021 Release 1 - Code Injection

CVE-2021-25512 MEDIUM

telephony <SMR Dec-2021 Release 1 - Info Disclosure

CVE-2021-25511 MEDIUM

FilterProvider <SMR Dec-2021 Release 1 - Path Traversal

Previous Page 151 of 499 Next

Details

Vulnerabilities 12,470

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy