CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20
CVE-2025-64986 HIGH
TeamViewer DEX < 21.0 - Authenticated Command Injection via 1E-Explorer-TachyonCore-DevicesListeningOnAPort Instruction
CVSS 7.2
CVE-2025-46266 MEDIUM
TeamViewer DEX Client < 25.11 - SSRF
CVSS 4.3
CVE-2025-44016 HIGH
TeamViewer DEX Client < 25.11 - Arbitrary Code Execution via File Integrity Validation Bypass
CVSS 8.8
CVE-2025-12687 MEDIUM
TeamViewer DEX Client < 25.11 - Denial of Service via Crafted Command
CVSS 6.5
CVE-2025-61822 MEDIUM
ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - Arbitrary File System Write via Improper Input Validation
CVSS 6.2
CVE-2025-61812 HIGH
ColdFusion <= 2025.4, <= 2023.16, <= 2021.22 - Authenticated Remote Code Execution
CVSS 8.4
CVE-2025-61809 CRITICAL
ColdFusion 2025.4, 2023.16, 2021.22 and earlier - Security Feature Bypass via Improper Input Validation
CVSS 9.1
CVE-2025-64666 HIGH
Microsoft Exchange Server - Privilege Escalation via Improper Input Validation
CVSS 7.5
CVE-2025-62571 HIGH
Windows Installer - Authenticated Privilege Escalation via Improper Input Validation
CVSS 7.8
CVE-2025-62455 HIGH
Windows 10 1607-22H2 & Server 2008-2019 Privilege Escalation via Message Queuing
CVSS 7.8
CVE-2025-12946 HIGH
NETGEAR Nighthawk Routers - Remote Code Execution via Speedtest DNS Manipulation
CVSS 7.5
CVE-2025-12945 HIGH
NETGEAR Nighthawk R7000P <1.3.3.154 - Command Injection
CVSS 7.2
CVE-2025-40935 MEDIUM
RUGGEDCOM < V5.10.1 - Info Disclosure
CVSS 4.3
CVE-2025-40831 MEDIUM
SINEC Security Monitor < 4.10.0 - Authenticated Denial of Service via Report Generation Date Parameter
CVSS 6.5
CVE-2025-2296 HIGH
TianoCore EDK2 BIOS - Local Input Validation Command Execution
CVE-2025-13428 HIGH
Google Security Operations SOAR < 6.3.64 - Authenticated Remote Code Execution via Malicious Python Package Upload
CVSS 7.2
CVE-2025-48638 HIGH
__pkvm_load_tracing - Privilege Escalation
CVSS 7.8
CVE-2025-48632 HIGH
Android - Local Privilege Escalation via CDM Association Persistence
CVSS 7.8
CVE-2025-48624 HIGH
Android - Local Privilege Escalation via Improper Input Validation in arm-smmu-v3.c
CVSS 7.8
CVE-2025-48623 HIGH
Google Android - Out-of-Bounds Write in PKVM
CVSS 7.8
CVE-2025-48612 HIGH
Android - Local Privilege Escalation via NFC Payment Setting Manipulation
CVSS 7.8
CVE-2025-48601 MEDIUM
Android - Denial of Service via Improper Input Validation
CVSS 5.5
CVE-2025-48594 HIGH
Android - Local Privilege Escalation via DisassociationProcessor Input Validation
CVSS 7.3
CVE-2025-48566 HIGH
Google Android Intent Forwarding - Privilege Escalation
CVSS 7.8
CVE-2025-48525 HIGH
Android - Local Privilege Escalation via DisassociationProcessor Input Validation
CVSS 7.8