Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,424 vulnerabilities with CWE-20

CVE-2026-30078 HIGH

OpenAirInterface oai-cn5g-amf - Denial of Service via Invalid NGAP Message Procedure Code or PDU-Type

CVE-2026-5536 HIGH

FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

CVE-2026-34773 MEDIUM

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

CVE-2026-34980 HIGH

OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network

CVE-2026-28797 HIGH

RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

CVE-2026-5473 MEDIUM

NASA cFS Pickle pickle.load deserialization

CVE-2026-34762 LOW

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

CVE-2026-34760 MEDIUM

vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

CVE-2026-35038 MEDIUM

signalk-server: Arbitrary Prototype Read via `from` Field Bypass

CVE-2026-32629 MEDIUM

phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor

CVE-2026-29144 MEDIUM

SEPPmail Secure Email Gateway - Unicode Subject Tags

CVE-2026-29143 CRITICAL

SEPPmail Secure Email Gateway - S/MIME Decryption Impersonation

CVE-2026-29141 MEDIUM

SEPPmail Secure Email Gateway - Bounded Subject Tag Sanitization

CVE-2026-29137 MEDIUM

SEPPmail Secure Email Gateway - Long Subject Untagging

CVE-2026-29135 HIGH

SEPPmail Secure Email Gateway - Webmail Password Tag Sanitization Bypass

CVE-2026-29133 CRITICAL

SEPPmail Secure Email Gateway - UID Regex Bypass

CVE-2026-34525 MEDIUM

AIOHTTP: Duplicate Host header accepted

CVE-2026-34445 HIGH

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

CVE-2026-20093 CRITICAL

Cisco Integrated Management Controller Authentication Bypass Vulnerability

CVE-2026-30523 MEDIUM

SourceCodester Loan Management System 1.0 - Business Logic

CVE-2026-34442 MEDIUM

FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

CVE-2026-3470 LOW

SonicWall Email Security <=10.0.34.8215 - Data Corruption

CVE-2026-3469 LOW

SonicWall Email Security < 10.0.35.8405 - Authenticated Denial of Service via Improper Input Validation

CVE-2026-34383 MEDIUM

Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

CVE-2026-31799 MEDIUM

Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Previous Page 19 of 497 Next

Details

Vulnerabilities 12,424

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy