The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,427 vulnerabilities with CWE-20
CVE-2026-28421
MEDIUM
Vim < 9.2.0077 - Heap Buffer Overflow and Denial of Service via Swap File Recovery
CVSS 5.3
CVE-2026-2880
CRITICAL
@fastify/middie <9.2.0 - Auth Bypass
CVSS 9.1
CVE-2026-2750
CRITICAL
Centreon Open Tickets <25.10 - Input Validation
CVSS 9.1
CVE-2026-26935
MEDIUM
Kibana 8.4.0-8.19.12 - Denial of Service via Content Connectors Search Endpoint
CVSS 6.5
CVE-2026-27959
HIGH
Koa 3.0.0-3.1.1 and <2.16.14 - Host Header Injection via ctx.hostname
CVSS 7.5
CVE-2026-27818
HIGH
TerriaJS-Server < 4.0.3 - Server-Side Request Forgery via Proxy Domain Validation Bypass
CVSS 7.5
CVE-2026-25941
MEDIUM
FreeRDP 2.0.0-2.11.7 - Out-of-bounds Read via RDPGFX WIRE_TO_SURFACE_2 PDU
CVSS 4.3
CVE-2026-27702
CRITICAL
Budibase < 3.30.4 - Authenticated Remote Code Execution via Unsafe Eval in View Filtering
CVSS 9.9
CVE-2026-27607
HIGH
RustFS 1.0.0-alpha.56-82 - Auth Bypass
CVSS 8.1
CVE-2026-27590
CRITICAL
Caddy < 2.11.1 - Path Confusion via FastCGI Unicode Case Handling
CVSS 9.8
CVE-2026-27585
MEDIUM
Caddy < 2.11.1 - Path Sanitization Bypass via Backslash Handling
CVSS 6.5
CVE-2026-27642
HIGH
free5gc UDM <=1.4.1 - Info Disclosure
CVSS 7.5
CVE-2026-21864
MEDIUM
Valkey-Bloom < 1.0.1 - Denial of Service via RESTORE Command
CVSS 6.5
CVE-2026-27623
HIGH
Valkey 9.0.0-9.0.3 - Denial of Service via Empty Request Handling
CVSS 7.5
CVE-2026-22568
MEDIUM
Zscaler Internet Access Admin Portal < 6.2r - Authenticated Information Disclosure via Input Validation Flaw
CVSS 5.5
CVE-2026-22567
HIGH
Zscaler Internet Access Admin Portal < 6.2r - Authenticated Backend Function Execution via Input Field Injection
CVSS 7.6
CVE-2026-2970
MEDIUM
datapizza-ai 0.0.2 - Deserialization
CVSS 4.6
CVE-2026-2898
MEDIUM
funadmin <7.1.0-rc4 - Deserialization
CVSS 5.5
CVE-2026-27170
HIGH
OpenSift < 1.1.3 - Server-Side Request Forgery via URL Ingest
CVSS 7.1
CVE-2026-26953
MEDIUM
Pi-hole Web Interface 6.0-6.4.1 - Authenticated Stored HTML Injection via X-Forwarded-For Header
CVSS 5.4
CVE-2026-26952
MEDIUM
Pi-hole web_interface < 6.4.1 - Authenticated Stored HTML Injection via DNS Records Configuration
CVSS 5.4
CVE-2026-26314
HIGH
go-ethereum < 1.16.9 - Denial of Service via Crafted Message
CVSS 7.5
CVE-2026-26063
HIGH
CediPay < 1.2.3 - Improper Input Validation in Transaction API
CVE-2026-24734
HIGH
Apache Tomcat Native 1.3.0-1.3.4 - Auth Bypass
CVSS 7.5
CVE-2026-24733
LOW
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
CVSS 3.7
Details
Vulnerabilities: 12,427
Exploit Likelihood: High