Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20

CVE-2026-46679 HIGH

libp2p: Memory DoS via subscription flood of unique topics

CVE-2026-46669 HIGH

`openvm-pairing` pairing check missing proper subfield check on scaling factor

CVE-2026-45783 HIGH

libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

CVE-2026-50569 MEDIUM

Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks

CVE-2026-45062 HIGH

FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

CVE-2026-20257 MEDIUM

Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

CVE-2026-20256 MEDIUM

Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise

CVE-2026-20255 MEDIUM

Improper Input Validation through Classic Dashboards in Splunk Enterprise

CVE-2026-20254 MEDIUM

Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

CVE-2026-45565 HIGH

Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

CVE-2026-45558 CRITICAL

Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save

CVE-2026-45556 CRITICAL

Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

CVE-2026-45329 HIGH

Espressif ESP-IDF ESP-TEE Secure Services - TEE Memory Disclosure

CVE-2026-45328 CRITICAL

Espressif ESP-IDF ESP-TEE Secure Services - Out-of-Bounds Write

CVE-2026-41727 MEDIUM

In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

CVE-2026-47903 MEDIUM

CAI Content Credentials | Improper Input Validation (CWE-20)

CVE-2026-34712 HIGH

CAI Content Credentials | Improper Input Validation (CWE-20)

CVE-2026-47931 HIGH

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-47930 HIGH

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-47928 CRITICAL

ColdFusion | Improper Input Validation (CWE-20)

CVE-2026-47909 MEDIUM

Dreamweaver Desktop | Improper Input Validation (CWE-20)

CVE-2026-9213 MEDIUM

Insufficient input validation in certain NETGEAR routers

CVE-2026-9212 MEDIUM

Insufficient authentication and input validation in certain NETGEAR products

CVE-2026-9211 MEDIUM

Certain NETGEAR routers allow unauthenticated users to gain control of the router

CVE-2026-9210 MEDIUM

Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router

Previous Page 2 of 497 Next

Details

Vulnerabilities 12,423

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy