The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,628 vulnerabilities with CWE-20
CVE-2015-1425
CRITICAL
JAKWEB Gecko CMS - Multiple Input Validation Vulnerabilities
CVSS 9.8
CVE-2015-2689
HIGH
Tor < 0.2.4.26 and 0.2.5.x < 0.2.5.11 - Denial of Service via DNS Load Handling
CVSS 7.5
CVE-2015-1525
MEDIUM
Android < 5.1 - Denial of Service via NULL Device Address in AudioPolicyManagerBase
CVSS 5.5
CVE-2015-2784
CRITICAL
papercrop < 0.3.0 - Improper Input Validation
CVSS 9.8
CVE-2015-6497
HIGH
Magento < 1.9.2.1 and < 1.14.2.1 - Authenticated Remote Code Execution via Product API
CVSS 8.8
CVE-2015-5230
HIGH
PowerDNS Authoritative 3.4.0-3.4.5 - Denial of Service via Crafted DNS Query Packets
CVSS 7.5
CVE-2015-3150
HIGH
abrt-dbus - Local Privilege Escalation
CVSS 7.1
CVE-2015-1855
MEDIUM
Ruby < 2.0.0p645, 2.1.x < 2.1.6, 2.2.x < 2.2.2 - Hostname Validation Bypass in OpenSSL Extension
CVSS 5.9
CVE-2015-1607
MEDIUM
GnuPG <1.4.19, 2.0.x <2.0.27, 2.1.x <2.1.2 - DoS
CVSS 5.5
CVE-2015-8980
CRITICAL
php-gettext < 1.0.12 - Remote Code Execution via Plural Form Formula
CVSS 9.8
CVE-2015-9415
HIGH
bj_lazy_load < 1.0 - Remote File Inclusion
CVSS 7.5
CVE-2015-9351
CRITICAL
feed-them-social < 1.7.0 - Unauthenticated Shortcode Execution via Facebook Feeds Load More Button
CVSS 9.8
CVE-2015-9348
HIGH
sell-downloads < 1.0.8 - Brute-Force Purchase ID Guessing
CVSS 7.5
CVE-2015-9345
HIGH
link_log < 2.0 - HTTP Response Splitting
CVSS 7.5
CVE-2015-7559
LOW
Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command
CVSS 2.7
CVE-2015-1326
MEDIUM
python-dbusmock <0.15.1 - Code Injection
CVSS 5.7
CVE-2015-5606
HIGH
Vordel XML Gateway 7.2.2 - Denial of Service via Crafted Request
CVSS 7.5
CVE-2015-6461
MEDIUM
Schneider Electric Modicon BMXNOC0401 and BMXNOE/BMXNOR/BMXP3420 Firmware - Remote File Inclusion via Crafted URL
CVSS 5.4
CVE-2015-5159
HIGH
kdcproxy < 0.3.2 - Denial of Service via Large POST Request
CVSS 7.5
CVE-2015-9268
HIGH
Nullsoft Scriptable Install System < 2.49 - Unsafe Implicit Linking via Version.dll
CVSS 7.8
CVE-2015-9264
CRITICAL
Lansweeper 4.x-6.x < 6.0.0.48 - Remote Code Execution via Crafted Windows Service
CVSS 9.8
CVE-2015-4664
CRITICAL
CA Privileged Access Manager < 2.4.4.4 - Remote Command Execution
CVSS 9.8
CVE-2015-9239
HIGH
ansi2html - Regular Expression Denial of Service via User Input
CVSS 7.5
CVE-2015-9242
HIGH
ecstatic < 1.4.0 - Denial of Service via If-Modified-Since Header
CVSS 7.5
CVE-2015-9241
HIGH
hapi < 11.1.3 - Denial of Service via If-Modified-Since or Last-Modified Header
CVSS 7.5
Details
Vulnerabilities
12,628
Exploit Likelihood
High