Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20

CVE-2025-22432 MEDIUM

Android - Local Privilege Escalation via CallRedirectionProcessor Input Validation

CVE-2025-26489 MEDIUM

Infinera MTC-9 Firmware 22.1.1.0275-<23.0 - Authenticated Denial of Service via Netconf XML Payload

CVE-2025-26488 HIGH

Infinera MTC-9 Firmware >=22.1.1.0275 <23.0 - Unauthenticated Denial of Service via Crafted XML Payloads

CVE-2025-54306 HIGH

Thermo Fisher Torrent Suite 5.18.1 - Authenticated Remote Code Execution via Network Configuration Endpoint

CVE-2025-20389 MEDIUM

Splunk Enterprise <10.0.2,9.4.6,9.3.8,9.2.10 - DoS

CVE-2025-66400 MEDIUM

mdast-util-to-hast <13.2.1 - Info Disclosure

CVE-2025-63095 MEDIUM

Tempus Ex hello-video-codec <0.1.0 - DoS

CVE-2025-26858 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus TCP

CVE-2025-13805 LOW

NutzBoot < 2.6.0-SNAPSHOT - Remote Code Execution via LiteRpc-Serializer Deserialization

CVE-2025-66225 HIGH

OrangeHRM 5.0-5.7 - Unauthenticated Account Takeover via Password Reset Username Manipulation

CVE-2025-53939 MEDIUM

Kiteworks <9.1.0 - Privilege Escalation

CVE-2025-66201 HIGH

LibreChat < 0.8.1-rc2 - Authenticated Server-Side Request Forgery via Actions Feature

CVE-2025-13762 MEDIUM

CyberArk Secure Web Sessions Extension <2.2.30305 - DoS

CVE-2025-0658 HIGH

Automated Logic and Carrier Zone Controllers < 6.06-101 - Denial of Service via BACnet Protocol

CVE-2025-66259 CRITICAL

DB Electronica Mozart FM Transmitter - Authenticated RCE via Improper Input Validation

CVE-2025-33191 MEDIUM

NVIDIA DGX Spark GB10 - Memory Corruption

CVE-2025-0248 HIGH

HCL iNotes <12.0.2 FP6 and <14.0 FP4 - Reflected Cross-Site Scripting

CVE-2025-12741 HIGH

Looker - Command Injection

CVE-2025-12740 HIGH

Looker <upgrade - Command Injection

CVE-2025-12889 MEDIUM

wolfssl - Improper Input Validation in TLS 1.2 Digest Handling

CVE-2025-65946 HIGH

Roo Code <3.26.7 - Command Injection

CVE-2025-11936 MEDIUM

wolfssl 5.8.2-5.8.3 - Unauthenticated Denial of Service via TLS 1.3 KeyShareEntry Parsing

CVE-2025-11934 LOW

wolfSSL 5.8.2-5.8.4 - TLS 1.3 CertificateVerify Signature Algorithm Downgrade

CVE-2025-11933 MEDIUM

wolfssl 5.8.2-5.8.4 - Unauthenticated Denial of Service via TLS 1.3 CKS Extension Parsing

CVE-2025-62164 HIGH

vLLM 0.10.2-0.11.1 - Remote Code Execution via Malicious Prompt Embedding Tensors

Previous Page 35 of 498 Next

Details

Vulnerabilities 12,440

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy