Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,039 vulnerabilities with CWE-20

CVE-2026-32604 CRITICAL

Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

CVE-2026-24505 HIGH

Dell PowerProtect Data Domain 8.5-8.6 - Command Injection

CVE-2026-24504 HIGH

Dell PowerProtect Data Domain 7.7.1.0-8.6 - Command Injection

CVE-2026-6626 MEDIUM

Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection

CVE-2026-40317 CRITICAL

NovumOS has Privilege Escalation in the Syscall Interface

CVE-2026-33436 LOW

Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

CVE-2026-6409 HIGH

Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

CVE-2026-22615 MEDIUM

Eaton IPP Software <2.0 - Command Injection

CVE-2026-40261 HIGH

Composer has Command Injection via Malicious Perforce Reference

CVE-2026-40176 HIGH

Composer is vulnerable to Command Injection via Malicious Perforce Repository

CVE-2026-1782 MEDIUM

MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation'

CVE-2026-6328 HIGH

XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets

CVE-2026-39399 CRITICAL

NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation

CVE-2026-35031 CRITICAL

Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain

CVE-2026-27299 MEDIUM

Adobe Framemaker | Improper Input Validation (CWE-20)

CVE-2026-27306 HIGH

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-27304 CRITICAL

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-27282 HIGH

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-24893 HIGH

openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

CVE-2026-33826 HIGH

Windows Active Directory Remote Code Execution Vulnerability

CVE-2026-33116 HIGH

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVE-2026-32203 HIGH

.NET and Visual Studio Denial of Service Vulnerability

CVE-2026-32201 MEDIUM KEV

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2026-32168 HIGH

Azure Monitor Agent Elevation of Privilege Vulnerability

CVE-2026-32149 HIGH

Windows Hyper-V Remote Code Execution Vulnerability

Previous Page 2 of 482 Next

Details

Vulnerabilities 12,039

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy