Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20

CVE-2026-7317 MEDIUM

Grav CMS Cache Value FileCache.php doGet deserialization

CVE-2026-24204 MEDIUM

NVIDIA FLARE SDK < 2.7.2 - Path Traversal and Information Disclosure

CVE-2026-5941 HIGH

Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

CVE-2026-41044 HIGH

Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

CVE-2026-40466 HIGH

Apache ActiveMQ Broker < 5.19.6 and 6.0.0 to before 6.2.5 - Remote Code Execution

CVE-2026-41268 HIGH

Flowise: Flowise Parameter Override Bypass Remote Command Execution

CVE-2026-34066 MEDIUM

nimiq-blockchain: Peer-triggerable panic during history sync

CVE-2026-33471 CRITICAL

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

CVE-2026-35380 MEDIUM

uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing

CVE-2026-35377 LOW

uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

CVE-2026-35369 MEDIUM

uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation

CVE-2026-35347 MEDIUM

uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

CVE-2026-31192 MEDIUM

Raindrop.io Bookmark Manager Web App 5.6.76.0 - Info Disclosure

CVE-2026-22748 MEDIUM

Potential Security Misconfiguration when Using withIssuerLocation

CVE-2026-40871 HIGH

mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

CVE-2026-6779 MEDIUM

Mozilla Firefox and Thunderbird 150 - JavaScript Engine Memory Safety Issue

CVE-2026-6777 MEDIUM

Mozilla Firefox and Thunderbird 150 - DNS Component Input Validation Issue

CVE-2026-6675 MEDIUM

Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter

CVE-2026-39386 HIGH

Neko has Self-service Privilege Escalation for Authenticated Users

CVE-2026-32604 CRITICAL

Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

CVE-2026-24505 HIGH

Dell PowerProtect Data Domain 8.5-8.6 - Command Injection

CVE-2026-24504 HIGH

Dell PowerProtect Data Domain 7.7.1.0-8.6 - Command Injection

CVE-2026-6626 MEDIUM

Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection

CVE-2026-40317 CRITICAL

NovumOS has Privilege Escalation in the Syscall Interface

CVE-2026-33436 LOW

Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Previous Page 16 of 497 Next

Details

Vulnerabilities 12,423

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy