CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,039 vulnerabilities with CWE-20
CVE-2026-5879 HIGH
Google Chrome <147.0.7727.55 - Code Injection
CVSS 8.8
CVE-2026-39410 MEDIUM
Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()
CVSS 4.8
CVE-2026-34197 HIGH KEV
Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
CVSS 8.8
CVE-2026-5659 MEDIUM
pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization
CVSS 6.3
CVE-2026-30078 HIGH
OpenAirInterface V2.2.0 - DoS
CVSS 7.5
CVE-2026-5536 HIGH
FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization
CVSS 7.3
CVE-2026-34773 MEDIUM
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
CVSS 4.7
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVSS 7.5
CVE-2026-28797 HIGH
RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
CVSS 8.8
CVE-2026-5473 MEDIUM
NASA cFS Pickle pickle.load deserialization
CVSS 4.5
CVE-2026-34762 LOW
Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
CVSS 2.7
CVE-2026-34760 MEDIUM
vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
CVSS 5.9
CVE-2026-35038 MEDIUM
signalk-server: Arbitrary Prototype Read via `from` Field Bypass
CVSS 6.5
CVE-2026-32629 MEDIUM
phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor
CVSS 6.1
CVE-2026-29144 MEDIUM
Unicode Subject Tags
CVSS 5.3
CVE-2026-29143 CRITICAL
S/MIME Decryption Impersonation
CVSS 9.1
CVE-2026-29141 MEDIUM
Bounded Subject Tag Sanitization
CVSS 5.3
CVE-2026-29137 MEDIUM
Long Subject Untagging
CVSS 5.3
CVE-2026-29135 HIGH
Webmail Password Tag Sanitization Bypass
CVSS 7.5
CVE-2026-29133 CRITICAL
UID Regex Bypass
CVSS 9.1
CVE-2026-34525 MEDIUM
AIOHTTP: Duplicate Host header accepted
CVSS 5.3
CVE-2026-34445 HIGH
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
CVSS 8.6
CVE-2026-20093 CRITICAL
Cisco Integrated Management Controller Authentication Bypass Vulnerability
CVSS 9.8
CVE-2026-30523 MEDIUM
SourceCodester Loan Management System 1.0 - Business Logic
CVSS 6.5
CVE-2026-34442 MEDIUM
FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout
CVSS 5.4
Details
Vulnerabilities: 12,039
Exploit Likelihood: High