Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,439 vulnerabilities with CWE-20

CVE-2026-24403 HIGH

iccDEV <2.3.1.1 - Memory Corruption

CVE-2026-1225 LOW

logback-core <= 1.5.24 - Arbitrary Class Instantiation via Configuration File Processing

CVE-2026-23887 MEDIUM

Group-Office <6.8.148 & 25.0.1-25.0.79 - XSS

CVE-2026-22598 HIGH

ManageIQ < radjabov-2 - Denial of Service via Malformed TimeProfile

CVE-2026-22444 HIGH

Apache Solr 8.6.0-9.10.0 - Unauthenticated Path Traversal via Create Core API

CVE-2026-0933 CRITICAL

Cloudflare Wrangler 2.0.15-3.114.17 - OS Command Injection via --commit-hash Parameter

CVE-2026-0903 MEDIUM

Google Chrome < 144.0.7559.59 - Dangerous File Type Protection Bypass via Malicious File Download

CVE-2026-23886 MEDIUM

Swift W3C TraceContext <1.0.0-beta.5 & Swift OTel <1.0.4 - DoS

CVE-2026-23880 HIGH

OnboardLite <commit 1d32081a66f21bcf41df1ecb672490b13f6e429f - XSS

CVE-2026-23841 CRITICAL

Movary < 0.70.0 - Cross-Site Scripting via CategoryCreated Parameter

CVE-2026-23840 CRITICAL

Movary < 0.70.0 - Cross-Site Scripting via CategoryDeleted Parameter

CVE-2026-23839 CRITICAL

Movary < 0.70.0 - Cross-Site Scripting via CategoryUpdated Parameter

CVE-2026-23836 CRITICAL

hotcrp 3.0-3.1 - Remote Code Execution via Formula Code Injection

CVE-2026-0976 LOW

Keycloak - Path Filter Bypass via RFC-Compliant Matrix Parameters

CVE-2026-22868 HIGH

go-ethereum < 1.16.8 - Denial of Service via Crafted Message

CVE-2026-22862 HIGH

go-ethereum < 1.16.8 - Denial of Service via Crafted Message

CVE-2026-0543 MEDIUM

Kibana 7.0.0-7.17.29 - Authenticated Denial of Service via Email Connector Address Parameter

CVE-2026-21272 HIGH

Dreamweaver < 21.7 - Arbitrary File System Write via Malicious File Processing

CVE-2026-21271 HIGH

Dreamweaver < 21.7 - Arbitrary Code Execution via Malicious File

CVE-2026-21268 HIGH

Dreamweaver < 21.7 - Arbitrary Code Execution via Malicious File

CVE-2026-20951 HIGH

Microsoft SharePoint Server - Unauthenticated Remote Code Execution

CVE-2026-20856 HIGH

Windows Server Update Service - Code Injection

CVE-2026-20812 MEDIUM

Windows LDAP - Lightweight Directory Access Protocol - Info Disclosure

CVE-2026-0406 HIGH

NETGEAR XR1000v2 - Command Injection

CVE-2026-0404 HIGH

NETGEAR Orbi Firmware < 7.2.8.5 - Authenticated OS Command Injection via DHCPv6

Previous Page 26 of 498 Next

Details

Vulnerabilities 12,439

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy