Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,424 vulnerabilities with CWE-20

CVE-2026-33332 HIGH

NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

CVE-2026-22559 HIGH

UniFi Network Server <10.1.89 - Auth Bypass

CVE-2026-33769 MEDIUM

Astro: Remote allowlist bypass via unanchored matchPathname wildcard

CVE-2026-4755 CRITICAL

CWE-20 in MolotovCherry Android-ImageMagick7

CVE-2026-33250 HIGH

Freeciv21 < 3.1.1 - Unauthenticated Stack-based Buffer Overflow via Crafted Packets

CVE-2026-4538 MEDIUM

PyTorch pt2 Loading deserialization

CVE-2026-3641 MEDIUM

Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint

CVE-2026-3460 MEDIUM

REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

CVE-2026-33151 HIGH

socket.io allows an unbounded number of binary attachments

CVE-2026-4438 MEDIUM

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

CVE-2026-4519 LOW

webbrowser.open() allows leading dashes in URLs

CVE-2026-33369 MEDIUM

Zimbra Collaboration 10.0-10.1 - LDAP Injection

CVE-2026-31805 MEDIUM

Discourse Poll Plugin post_id - Authorization Bypass

CVE-2026-4451 HIGH

Google Chrome <146.0.7680.153 - Sandbox Escape

CVE-2026-4342 HIGH

ingress-nginx comment-based nginx configuration injection

CVE-2026-3230 LOW

Improper key_share validation in TLS 1.3 HelloRetryRequest

CVE-2026-32622 HIGH

SQLBot: Remote Code Execution via Terminology Poisoning

CVE-2026-27953 HIGH

ormar <0.23.1 Model Constructor - Pydantic Validation Bypass

CVE-2026-32735 LOW

Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

CVE-2026-4407 LOW

Out-of-bounds array write in Xpdf 4.06 due to missing validation

CVE-2026-20643 MEDIUM

macOS < 26.3.2 - Same Origin Policy Bypass via Navigation API

CVE-2026-3644 HIGH

Incomplete control character validation in http.cookies

CVE-2026-23489 CRITICAL

Fields GLPI plugin vulnerable to RCE in dropdown generation

CVE-2026-22204 LOW

wpDiscuz <7.6.47 - Email Header Injection

CVE-2026-1668 CRITICAL

TP-Link Omada Switches - Web Interface Memory Corruption Code Execution

Previous Page 21 of 497 Next

Details

Vulnerabilities 12,424

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy