CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,440 vulnerabilities with CWE-20
CVE-2025-57805 HIGH
Scratch Channel <1.1 - Info Disclosure
CVE-2025-55301 MEDIUM
Scratch Channel <1 - Info Disclosure
CVSS 6.7
CVE-2025-52451 HIGH
Tableau Server < 2023.3.19 - Absolute Path Traversal via tabdoc API Create-Data-Source-From-File-Upload
CVSS 8.5
CVE-2025-50674 HIGH
OpenMediaVault 7.4.17 - Privilege Escalation
CVSS 7.8
CVE-2025-9288 CRITICAL
sha.js < 2.4.11 - Input Data Manipulation via Improper Input Validation
CVSS 9.1
CVE-2025-9287 CRITICAL
cipher-base <1.0.4 - Info Disclosure
CVSS 9.1
CVE-2025-55444 CRITICAL
Online Artwork & Fine Arts MCA Project 1.0 - SQL Injection
CVSS 9.8
CVE-2025-36114 MEDIUM
IBM QRadar SOAR Plugin App 1.0.0-5.6.0 - Path Traversal via URL Request
CVSS 6.5
CVE-2025-7693 CRITICAL
Rockwell Automation PLC - Micro850 L50E V20.011-V22.011 - Denial of Service via Malformed CIP Forward Close Packet
CVE-2025-6625 HIGH
Schneider Electric Modicon M340 - Denial of Service via Crafted FTP Command
CVSS 7.5
CVE-2025-52620 MEDIUM
HCL BigFix SaaS < 8.1.14 - Cross-Site Scripting via Image Upload
CVSS 4.3
CVE-2025-9060 CRITICAL
MSoft MFlash 8.0 - Authenticated Remote Code Execution via Integration Configuration
CVSS 9.1
CVE-2025-7507 MEDIUM
elink - Embed Content <= 1.1.0 - Authenticated Malicious Redirect via Shortcode URL Parameter
CVSS 6.4
CVE-2025-20148 HIGH
Cisco Secure Firewall Management Center - XSS
CVSS 8.5
CVE-2025-8876 HIGH KEV
N-able N-central < 2025.3.1 - OS Command Injection
CVSS 8.8
CVE-2025-7971 HIGH
Studio 5000 Logix Designer - Code Injection
CVE-2025-8963 MEDIUM
jeecgboot JimuReport < 2.1.1 - Deserialization of Untrusted Data via Data Large Screen Template
CVSS 6.3
CVE-2025-27388 HIGH
OPPO Health App <= 4.23.4 - WebView Arbitrary URL Token Theft
CVE-2025-4410 HIGH
InsydeH2O - Buffer Overflow in SetupUtility
CVSS 7.5
CVE-2025-4277 HIGH
InsydeH2O Kernel 5.2-5.7 - Arbitrary Memory Write and Code Execution in SMRAM via Tcg2Smm
CVSS 7.5
CVE-2025-4276 HIGH
InsydeH2O Kernel 5.3-5.7 - Arbitrary SMRAM Write and SMM Code Execution via UsbCoreDxe
CVSS 7.5
CVE-2025-49554 HIGH
Adobe Commerce < 2.4.4 - Denial of Service via Improper Input Validation
CVSS 7.5
CVE-2025-25005 MEDIUM
Microsoft Exchange Server - Info Disclosure
CVSS 6.5
CVE-2025-32004 LOW
Intel Edger8r Tool - Privilege Escalation
CVSS 3.9
CVE-2025-27537 MEDIUM
Intel(R) Tiber(TM) Edge Platform <24.11.1 - Privilege Escalation
CVSS 5.5