Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,427 vulnerabilities with CWE-20

CVE-2026-2555 MEDIUM

JeecgBoot 3.9.1 - Deserialization via AiragKnowledgeController importDocumentFromZip

CVE-2026-2391 LOW

qs 6.7.0-6.14.2 - Comma Array Limit Denial of Service

CVE-2026-20627 MEDIUM

iPadOS < 26.3 - Unprotected User Data Exposure via Environment Variable Handling

CVE-2026-21258 MEDIUM

Microsoft Office Excel - Info Disclosure

CVE-2026-21247 HIGH

Windows 10 1809 < 10.0.17763.8389 - Authenticated Heap-based Buffer Overflow

CVE-2026-21229 HIGH

Power BI Report Server < 15.0.1120.113 - Authenticated Remote Code Execution

CVE-2026-25892 HIGH

Adminer < 5.4.2 - Denial of Service via Unvalidated Version Check POST

CVE-2026-2113 HIGH

yuan1994 tpadmin <1.3.12 - Deserialization

CVE-2026-25631 MEDIUM

NPM N8n < 1.121.0 - Improper Input Validation

CVE-2026-25723 MEDIUM

Claude Code < 2.0.55 - Authenticated Arbitrary File Write via Piped Sed Command Bypass

CVE-2026-25722 CRITICAL

Claude Code < 2.0.57 - Unauthenticated Path Traversal and Arbitrary File Write via Directory Change Command

CVE-2026-25514 HIGH

FacturaScripts < 2025.81 - Authenticated SQL Injection via Autocomplete CodeModel::all() Method

CVE-2026-25513 HIGH

FacturaScripts < 2025.81 - Authenticated SQL Injection via REST API Sort Parameter

CVE-2026-21893 HIGH

NPM N8n < 1.120.3 - OS Command Injection

CVE-2026-24512 HIGH

Kubernetes ingress-nginx Path Field - Controller Code Execution

CVE-2026-1580 HIGH

ingress-nginx < 1.13.7 and < 1.14.3 - Remote Code Execution via Auth-Method Annotation Injection

CVE-2026-22220 MEDIUM

TP-Link Archer BE230 < 1.2.4 - Denial of Service via HTTP Request

CVE-2026-24936 CRITICAL

ASUSTOR ADM AD Domain CGI - Arbitrary File Write System Compromise

CVE-2026-1691 MEDIUM

bolo-solo < 2.6.4 - Remote Code Execution via SnakeYAML Deserialization

CVE-2026-25128 HIGH

fast-xml-parser 5.0.9-5.3.3 - Denial of Service via Out-of-Range XML Entity Code Points

CVE-2026-25126 HIGH

PolarLearn <0-PRERELEASE-15 - Info Disclosure

CVE-2026-25117 HIGH

pwn.college DOJO <e33da14449a5abcff507e554f66e2141d6683b0a - XSS

CVE-2026-23571 MEDIUM

TeamViewer DEX < 26.1 - Authenticated Command Injection via 1E-Nomad-RunPkgStatusRequest Input Field

CVE-2026-23570 MEDIUM

TeamViewer DEX Client <26.1 - Info Disclosure

CVE-2026-23566 MEDIUM

TeamViewer DEX Client <26.1 - Log Injection

Previous Page 24 of 498 Next

Details

Vulnerabilities 12,427

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy