CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20
CVE-2025-67484 CRITICAL
MediaWiki <1.39.16, 1.43.6, 1.44.3, 1.45.1 - Info Disclosure
CVSS 9.8
CVE-2025-67480 MEDIUM
MediaWiki <1.39.16, 1.43.6, 1.44.3, 1.45.1 - Info Disclosure
CVSS 6.5
CVE-2025-61652 LOW
DiscussionTools <1.43.4, 1.44.1 - Info Disclosure
CVE-2025-15545 MEDIUM
TP-Link Archer RE605X Firmware <= 1.2.10 - Command Injection via Backup Restore
CVSS 6.8
CVE-2025-71011 MEDIUM
OneFlow v0.9.0 - Denial of Service via Tensor.new_empty/ones/zeros Input Validation
CVSS 6.2
CVE-2025-71009 MEDIUM
OneFlow v0.9.0 - Denial of Service via Crafted Indices in flow.scatter/flow.scatter_add
CVSS 6.2
CVE-2025-71007 HIGH
OneFlow v0.9.0 - Denial of Service via Crafted Input in index_add Component
CVSS 7.5
CVE-2025-71003 HIGH
OneFlow v0.9.0 - Denial of Service via flow.arange() Input Validation
CVSS 7.5
CVE-2025-59895 HIGH
Flexense Diskpulse - Improper Input Validation
CVSS 7.5
CVE-2025-65264 MEDIUM
CPUID CPU-Z < 2.17 - Information Disclosure via IOCTL Interface
CVSS 5.5
CVE-2025-27378 HIGH
Altium On-Prem Enterprise Server 7.0.3-7.0.5 - SQL Injection via Inactive Configuration
CVSS 8.6
CVE-2025-68134 HIGH
EVerest < 2025.10.0 - Denial of Service via Assert Function Error Handling
CVSS 7.4
CVE-2025-66960 HIGH
ollama 0.1.2.10 - Denial of Service via GGUF Metadata String Length
CVSS 7.5
CVE-2025-66959 HIGH
ollama 0.1.2.10 - Denial of Service via GGUF Decoder
CVSS 7.5
CVE-2025-66902 HIGH
Pithikos websocket-server <0.6.4 - Info Disclosure
CVSS 7.5
CVE-2025-61684 HIGH
Quicly < 2026-01-18 - Denial of Service via Reachable Assertion
CVSS 7.5
CVE-2025-29847 HIGH
Apache Linkis <1.7.0 - Info Disclosure
CVSS 7.5
CVE-2025-12718 MEDIUM
Quick Contact Form <8.2.6 - Open Redirect
CVSS 5.8
CVE-2025-48647 HIGH
Android - Local Privilege Escalation via Improper Input Validation in cpm_fwtp_msg_handler
CVSS 7.8
CVE-2025-9014 HIGH
TP-Link TL-WR841N v14 < 250908 - Unauthenticated Denial of Service via Referer Header Check
CVSS 7.5
CVE-2025-65397 MEDIUM
Blurams Flare Camera < 24.1114.151.929 - Unauthenticated Arbitrary Command Execution via Crafted auth.ini File
CVSS 6.8
CVE-2025-68970 MEDIUM
Media Library Module - Privilege Escalation
CVSS 6.1
CVE-2025-68964 MEDIUM
HarmonyOS - Denial of Service in HiView Module
CVSS 6.2
CVE-2025-37173 HIGH
Mobility Conductor - Improper Input Handling
CVSS 7.2
CVE-2025-15035 HIGH
TP-Link Archer AXE75 v1.6 - Privilege Escalation
CVSS 7.3