Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20

CVE-2025-65561 HIGH

free5gc 4.1.0 - Denial of Service via PFCP Session Modification Request Local SEID Header

CVE-2025-67493 HIGH

homarr < 1.45.3 - Authenticated Privilege Escalation via LDAP Query Injection

CVE-2025-43533 MEDIUM

iPadOS < 26.2 - Denial of Service via Malicious HID Device

CVE-2025-67170 MEDIUM

RiteCMS 3.1.0 - Reflected Cross-Site Scripting

CVE-2025-66923 HIGH

Open Source Point of Sale 3.4.1 - Stored Cross-Site Scripting via Phone Number Parameter

CVE-2025-66921 HIGH

Open Source Point of Sale 3.4.1 - Stored Cross-Site Scripting via Item Name Parameter

CVE-2025-20393 CRITICAL KEV

Cisco AsyncOS < 15.0.5-016 - Unauthenticated Remote Code Execution via Spam Quarantine HTTP Request

CVE-2025-58173 HIGH

FreshRSS 1.23.0-1.27.0 - Unauthenticated Path Traversal via Language Parameter

CVE-2025-14156 CRITICAL

Fox LMS - WordPress LMS Plugin <1.0.5.1 - Privilege Escalation

CVE-2025-9207 MEDIUM

TI WooCommerce Wishlist <2.10.0 - XSS

CVE-2025-14606 MEDIUM

Tiny RDM <= 1.2.5 - Remote Code Execution via Pickle Deserialization

CVE-2025-43494 HIGH

iPadOS < 18.7.2 - Persistent Denial-of-Service via Mail Header Parsing

CVE-2025-43482 MEDIUM

macOS < 14.8.3, < 15.7.3, < 26.2 - Denial of Service

CVE-2025-43464 MEDIUM

macOS < 26.1 - Denial of Service via Website Visit

CVE-2025-66451 MEDIUM

LibreChat < 0.8.1 - Improperly Controlled Modification of Dynamically-Determined Object Attributes via PATCH Endpoint

CVE-2025-36932 HIGH

Android - Local Privilege Escalation via Improper Input Validation in tracepoint_msg_handler

CVE-2025-36929 MEDIUM

Android - Local Information Disclosure via AreFencesRegistered Input Validation

CVE-2025-66918 HIGH

edoc-doctor-appointment-system 1.0.1 - Cross-Site Scripting via Title Parameter

CVE-2025-64993 MEDIUM

TeamViewer DEX < 29.0 - Authenticated Command Injection via 1E-ConfigMgrConsoleExtensions

CVE-2025-64992 MEDIUM

TeamViewer DEX < 25.0 - Authenticated Command Injection via 1E-Nomad-PauseNomadJobQueue

CVE-2025-64991 MEDIUM

TeamViewer DEX < 15.0 - Authenticated Command Injection via 1E-PatchInsights-Deploy Instruction

CVE-2025-64990 MEDIUM

TeamViewer DEX < 21.1 - Authenticated Command Injection via 1E-Explorer-TachyonCore-LogoffUser Instruction

CVE-2025-64989 HIGH

TeamViewer DEX < 21.1 - Authenticated Command Injection via 1E-Explorer-TachyonCore-FindFileBySizeAndHash

CVE-2025-64988 HIGH

TeamViewer DEX < 19.2 - Authenticated Command Injection via 1E-Nomad-GetCmContentLocations Instruction

CVE-2025-64987 HIGH

TeamViewer DEX < 21.0 - Authenticated Command Injection via 1E-Explorer-TachyonCore-CheckSimpleIoC

Previous Page 33 of 498 Next

Details

Vulnerabilities 12,440

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy