CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20
CVE-2025-48985 LOW
Vercel AI SDK <6.0.0-beta - Auth Bypass
CVSS 3.7
CVE-2025-64176 MEDIUM
ThinkDashboard < 0.6.8 - Unrestricted File Upload via Backup Import Feature
CVSS 5.3
CVE-2025-61084 HIGH
MDaemon Mail Server 23.5.2 - Info Disclosure
CVSS 7.1
CVE-2025-59596 MEDIUM
Absolute Secure Access 12.0-14.10 - Denial of Service via Crafted Network Packet
CVSS 6.5
CVE-2025-59595 HIGH
Absolute Secure Access < 14.12 - Denial of Service via Crafted Packet
CVSS 7.5
CVE-2025-62507 HIGH
Redis 8.2.0-8.2.2 - Stack-based Buffer Overflow via XACKDEL Command
CVSS 8.8
CVE-2025-54327 MEDIUM
Samsung Exynos 1280, 1380, 2200, W920, W930, W1000 Firmware - Arbitrary Write via VTS Driver Input Validation
CVSS 6.5
CVE-2025-43472 HIGH
macOS <15.7.2, <26.1, <14.8.2 - Privilege Escalation
CVSS 7.8
CVE-2025-43458 MEDIUM
Safari < 26.1 - Denial of Service via Malicious Web Content
CVSS 4.3
CVE-2025-43430 MEDIUM
Safari < 26.1 - Denial of Service via Malicious Web Content
CVSS 4.3
CVE-2025-43427 MEDIUM
Safari < 26.1 - Denial of Service via Malicious Web Content
CVSS 4.3
CVE-2025-43401 HIGH
macOS < 14.8.2, < 15.7.2, < 26.1 - Denial of Service
CVSS 7.5
CVE-2025-43365 LOW
iPadOS < 26.0 - Denial of Service via Improved Input Validation
CVSS 2.8
CVE-2025-43348 MEDIUM
macOS < 14.8.2, < 15.7.2, < 26.1 - Gatekeeper Bypass via Logic Issue
CVSS 5.5
CVE-2025-64385 CRITICAL
Manufacturer's Software - Info Disclosure
CVE-2025-61235 CRITICAL
Dataphone A920 v2025.07.161103 - RCE
CVSS 9.1
CVE-2025-12305 MEDIUM
shiyi-blog < 1.2.1 - Remote Code Execution via Deserialization in Job Handler
CVSS 6.3
CVE-2025-27224 CRITICAL
TRUfusion Enterprise <7.10.4.0 - Path Traversal
CVSS 9.8
CVE-2025-12285 CRITICAL
BLU-IC2 and BLU-IC4 < 1.20 - Weak Password Requirements
CVSS 9.8
CVE-2025-12284 MEDIUM
BLU-IC2 and BLU-IC4 Firmware <= 1.19.5 - Improper Input Validation in Web UI
CVSS 6.1
CVE-2025-12278 MEDIUM
BLU-IC2 and BLU-IC4 < 1.20 - Insufficient Session Expiration via Logout Functionality
CVSS 6.5
CVE-2025-12275 CRITICAL
BLU-IC2 and BLU-IC4 Firmware < 1.20 - Command Execution via Mail Configuration File Manipulation
CVSS 9.8
CVE-2025-11497 MEDIUM
WordPress Advanced Database Cleaner <3.1.6 - CSRF
CVSS 4.3
CVE-2025-60938 HIGH
Emoncms 11.7.3 - Authenticated Remote Code Execution via Firmware Upload Feature
CVSS 7.5
CVE-2025-11958 MEDIUM
Devolutions Server < 2025.2.15.0 - Authenticated Denial of Service via Security Dashboard Ignored-Tasks API
CVSS 4.1