CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20
CVE-2025-60787 HIGH
MotionEye <= 0.43.1b4 - Authenticated Configuration Command Injection
CVSS 7.2
CVE-2025-34226 HIGH
OpenPLC Runtime v3 - Persistent Denial of Service via Malformed Epoch Time in Program Upload
CVE-2025-61583 MEDIUM
ts3_manager < 2.2.2 - Reflected Cross-Site Scripting via Login Page Error Handling
CVSS 4.3
CVE-2025-61582 HIGH
ts3_manager < 2.2.2 - Unauthenticated Denial of Service via Unicode Input to Server Field
CVSS 7.5
CVE-2025-59537 HIGH
Argo CD 1.2.0-1.8.7, 2.0.0-rc1-2.14.19, 3.0.0-rc1-3.2.0-rc1, 3.1.7, 3.0.18 - DoS via Gogs Webhook Push Event
CVSS 7.5
CVE-2025-11226 MEDIUM
logback-core <= 1.5.18 - Remote Code Execution via Conditional Configuration Processing
CVE-2025-11195 LOW
Rapid7 AppSpider Pro <7.5.021 - Info Disclosure
CVSS 3.3
CVE-2025-59952 HIGH
MinIO Java SDK < 8.6.0 - Information Exposure via XML System Property Substitution
CVE-2025-59940 MEDIUM
mkdocs-include-markdown-plugin < 7.1.8 - Improper Input Validation
CVSS 6.5
CVE-2025-11135 HIGH
pmTicket Project-Management-Software <2ef379da2075f4761a2c9029cf91d...
CVSS 7.3
CVE-2025-10975 MEDIUM
GuanxingLu <31abc0baf53ef8f5db666a1c882e1ea64def2997 - SSRF
CVSS 6.3
CVE-2025-10974 MEDIUM
giantspatula SewKinect - Deserialization
CVSS 6.3
CVE-2025-10965 MEDIUM
LazyAGI LazyLLM <0.6.1 - Deserialization
CVSS 6.3
CVE-2025-40836 CRITICAL
Ericsson Indoor Connect 8855 Firmware < 2025.q2 - Command Injection via Improper Input Validation
CVSS 9.8
CVE-2025-10950 MEDIUM
geyang ml-logger < acf255bade5be6ad88d90735c8367b28cbe3a743 - Remote Code Execution via Deserialization in Ping Handler
CVSS 6.3
CVE-2025-52907 HIGH
TOTOLINK X6000R < 9.4.0cu.1360_b20241207 - Command Injection and File Manipulation via Improper Input Validation
CVSS 8.8
CVE-2025-47314 HIGH
Qualcomm QAM and SA Series Firmware - Memory Corruption via FE Driver Data Processing
CVSS 7.8
CVE-2025-52905 HIGH
TOTOLINK X6000R <= V9.4.0cu.1360_B20241207 - Denial of Service via Flooding
CVSS 7.5
CVE-2025-59535 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - Information Disclosure
CVSS 6.5
CVE-2025-59532 HIGH
OpenAI Codex 0.2.0-0.38.0 - Arbitrary File Write and Command Execution via Sandbox Boundary Bypass
CVE-2025-10771 MEDIUM
jeecg/jimureport < 2.1.2 - Remote Code Execution via DB2 JDBC Handler Deserialization
CVSS 6.3
CVE-2025-10770 MEDIUM
jeecg/jimureport < 2.1.2 - Deserialization via MySQL JDBC Handler
CVSS 6.3
CVE-2025-10769 MEDIUM
h2o 3.0.0.2-3.46.0.8 - Deserialization via ImportSQLTable Connection URL
CVSS 6.3
CVE-2025-10768 MEDIUM
h2o 3.0.0.2-3.46.0.8 - Deserialization via IBMDB2 JDBC Driver Connection URL
CVSS 6.3
CVE-2025-57644 CRITICAL
Accela Automation Platform 22.2.3.0.230103 - RCE & Arbitrary File Write via Test Script
CVSS 9.1