Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,424 vulnerabilities with CWE-20

CVE-2026-33029 MEDIUM

Nginx UI: DoS via Negative Integer Input in Logrotate Interval

CVE-2026-30077 HIGH

OpenAirInterface V2.2.0 - Denial of Service via Malformed Message Decoding

CVE-2026-29909 MEDIUM

MRCMS 3.1.2 - Unauthenticated Directory Enumeration via File Management Module

CVE-2026-21712 MEDIUM

Node.js 24.14.0 and 25.8.1 - Denial of Service via Malformed IDN in url.format()

CVE-2026-4987 HIGH

SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

CVE-2026-33936 MEDIUM

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

CVE-2026-33894 HIGH

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

CVE-2026-33882 MEDIUM

Statamic's Markdown preview endpoint exposes sensitive user data

CVE-2026-30576 HIGH

SourceCodester Pharmacy Product Management System 1.0 - Business Logic

CVE-2026-30575 HIGH

SourceCodester Pharmacy Product Management System 1.0 - DoS

CVE-2026-33758 MEDIUM

OpenBao has Reflected XSS in its OIDC authentication error message

CVE-2026-33284 MEDIUM

GlobalLeaks has insufficient URL validation in user support API

CVE-2026-30304 CRITICAL

AI Code < 3.12.4 - Remote Code Execution via Prompt Injection

CVE-2026-4982 HIGH

Unauthorized access to chat contents

CVE-2026-33729 CRITICAL

OpenFGA <1.13.1 Condition Cache Keys - Authorization Bypass

CVE-2026-29905 MEDIUM

Kirby CMS < 5.1.4 - Authenticated Denial of Service via Malformed Image Upload

CVE-2026-4860 HIGH

648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

CVE-2026-33287 HIGH

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

CVE-2026-33285 HIGH

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

CVE-2026-33218 HIGH

NATS has pre-auth server panic via leafnode handling

CVE-2026-28894 HIGH

iOS and iPadOS < 26.4 - Denial of Service via Improved Input Validation

CVE-2026-28852 MEDIUM

iOS and iPadOS < 18.7.7 - Denial of Service via Stack Overflow

CVE-2026-28821 HIGH

macOS <14.8.5 - Privilege Escalation

CVE-2026-20686 MEDIUM

iOS and iPadOS < 26.3 - Unprotected User Data Exposure via Input Validation Issue

CVE-2026-3912 HIGH

TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Previous Page 20 of 497 Next

Details

Vulnerabilities 12,424

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy