CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,439 vulnerabilities with CWE-20
CVE-2026-21505 MEDIUM
iccDEV < 2.3.1.2 - Undefined Behavior via Invalid Enum Value
CVSS 5.5
CVE-2026-21503 MEDIUM
iccDEV < 2.3.1.2 - Denial of Service via Null Pointer in CIccTagSparseMatrixArray
CVSS 6.1
CVE-2026-21502 MEDIUM
iccdev < 2.3.1.2 - Denial of Service via XML Tag Parser
CVSS 5.5
CVE-2026-21501 MEDIUM
iccdev < 2.3.1.2 - Stack Overflow in Calculator Parser
CVSS 5.5
CVE-2026-21500 MEDIUM
iccdev < 2.3.1.2 - Stack Overflow in XML Calculator Macro Expansion
CVSS 5.5
CVE-2026-21499 MEDIUM
iccdev < 2.3.1.2 - NULL Pointer Dereference in XML Parser
CVSS 5.5
CVE-2026-21498 MEDIUM
iccdev < 2.3.1.2 - Denial of Service via XML Calculator Parser
CVSS 5.5
CVE-2026-21497 MEDIUM
Color Iccdev < 2.3.1.2 - NULL Pointer Dereference
CVSS 5.5
CVE-2026-21496 MEDIUM
iccDEV < 2.3.1.2 - Denial of Service via Signature Parser NULL Pointer Dereference
CVSS 5.5
CVE-2026-21495 MEDIUM
iccDEV < 2.3.1.2 - Denial of Service via TIFF Image Reader Division by Zero
CVSS 5.5
CVE-2026-21677 HIGH
iccdev < 2.3.1.1 - Undefined Behavior in CIccCLUT::Init Function
CVSS 8.8
CVE-2026-21487 MEDIUM
iccDEV < 2.3.1.2 - Out-of-bounds Read in CIccProfile::LoadTag
CVSS 6.1
CVE-2026-21485 HIGH
iccdev < 2.3.1.2 - Out-of-bounds Read
CVSS 8.8
CVE-2026-21675 CRITICAL
iccdev < 2.3.1.1 - Use-After-Free in CIccXform::Create()
CVSS 9.8
CVE-2025-58175 MEDIUM
GeoServer < 2.26.4 and 2.27.0-2.27.2 - Server-Side Request Forgery
CVSS 6.5
CVE-2025-48643 HIGH
Android - Local Privilege Escalation via Provisioning Bypass
CVSS 7.8
CVE-2025-5090 MEDIUM
Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
CVSS 6.5
CVE-2025-5089 MEDIUM
Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages
CVSS 6.5
CVE-2025-22424 HIGH
Android 14-16 - Cross-User Image Disclosure Privilege Escalation
CVSS 7.8
CVE-2025-33221 MEDIUM
Nvidia GeForce - Improper Input Validation
CVSS 4.4
CVE-2025-29936 HIGH
AMD Ryzen™ 7035 Series Processors With Radeon™ Graphics (formerly Codenamed "Rembrandt R") - Improper Input Validation
CVE-2025-35990 HIGH
Intel Endpoint Management Assistant (EMA) < 1.14.5 - Unauthenticated Privilege Escalation via Improper Input Validation
CVE-2025-52347 HIGH
PassMark BurnInTest 11.0 Build 1011 - Privilege Escalation
CVSS 7.8
CVE-2025-46115 HIGH
open5gs 2.7.3 - Denial of Service via Crafted PDU Session Modification Request
CVSS 7.5
CVE-2025-14576 HIGH
Possible QML code injection in VectorImage component
CVSS 7.8
Details
Vulnerabilities 12,439
Exploit Likelihood High