Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20

CVE-2025-8007 MEDIUM

Rockwell Automation 1756-EN2TR/EN4TR <7.001 DoS via Concurrent Forward Close

CVE-2025-10061 MEDIUM

MongoDB 6.0.0-6.0.24 - Authenticated Denial of Service via $group Accumulator Function

CVE-2025-58361 CRITICAL

promptcraft-forge-studio - Cross-Site Scripting via Incomplete URL Scheme Validation

CVE-2025-58353 HIGH

promptcraft-forge-studio - Cross-Site Scripting via Regex Blacklist Bypass

CVE-2025-32322 HIGH

Android - Unauthorized Screen Recording Token Grant via MediaProjectionPermissionActivity Input Validation

CVE-2025-48559 MEDIUM

Android - Local Denial of Service via AppOpsService Input Validation

CVE-2025-48556 HIGH

Android - Local Privilege Escalation via NotificationChannel Input Validation

CVE-2025-48541 HIGH

FaceSettings < - Privilege Escalation

CVE-2025-48538 MEDIUM

Android - Local Denial of Service via PackageManagerService Input Validation

CVE-2025-48537 HIGH

Android - Denial of Service and Local Information Disclosure via Improper Input Validation

CVE-2025-32323 HIGH

Android - Local Privilege Escalation via Deceptive Permission Popup Text

CVE-2025-26429 MEDIUM

Android - Denial of Service via AppOpsService collectOps Input Validation

CVE-2025-26426 MEDIUM

Android - Local Privilege Escalation via BroadcastController.java Input Validation

CVE-2025-9467 MEDIUM

Vaadin <7.7.47, <8.28.1, <14.13.0, <23.6.1, <24.7 - Auth Bypass

CVE-2025-46047 MEDIUM

Silverpeas 6.4.1-6.4.2 - User Enumeration via ForgotPassword Login Parameter

CVE-2025-52547 HIGH

Copeland E3 Supervisory Controller Firmware < 2.31f01 - Denial of Service via Unvalidated API Call

CVE-2025-52544 HIGH

Copeland E3 Supervisory Controller Firmware < 2.31f01 - Unauthenticated Arbitrary File Read via Floor Plan Upload

CVE-2025-8662 MEDIUM

OpenAM 14.0.0-14.0.1 - SAML IdP Malfunction via Tampered Request

CVE-2025-55173 MEDIUM

Next.js <14.2.31, 15.0.0-15.4.4 - Code Injection

CVE-2025-57220 MEDIUM

Tenda AC10 v4.0 Firmware 16.03.10.09_multi_TDE01 - Unauthenticated Privilege Escalation via UDP Packet to ate Service

CVE-2025-9195 MEDIUM

Solidigm D7-PS1010/D7-PS1030 - Denial of Service via Improper Input Validation

CVE-2025-34161 HIGH

Coolify < 4.0.0-beta.420.7 - Authenticated Remote Code Execution via Git Repository Field

CVE-2025-34159 HIGH

Coolify < 4.0.0-beta.420.6 - Authenticated Remote Code Execution via Docker Compose Directive Injection

CVE-2025-34157 CRITICAL

Coolify < 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting in Project Name

CVE-2025-57810 HIGH

jspdf < 3.0.2 - Denial of Service via addImage Method

Previous Page 41 of 498 Next

Details

Vulnerabilities 12,440

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy