CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,448 vulnerabilities with CWE-20
CVE-2025-54385 CRITICAL
XWiki < 16.10.6 - SQL Injection via Hibernate Query Sanitization Bypass
CVSS 9.8
CVE-2025-54365 HIGH
fastapi-guard 3.0.1 - Regular Expression Denial of Service via Script Tag Attribute Bypass
CVSS 7.5
CVE-2025-47281 HIGH
Kyverno < 1.14.2 - Denial of Service via JMESPath Variable Substitution
CVSS 7.7
CVE-2025-6585 HIGH
WP JobHunt <7.2 - Insecure Direct Object Reference
CVSS 8.1
CVE-2025-54134 MEDIUM
HAX CMS NodeJS < 11.0.9 - Authenticated Denial of Service via Missing URL Parameters
CVSS 6.5
CVE-2025-50151 HIGH
Apache Jena <5.4.0 - Info Disclosure
CVSS 8.8
CVE-2025-7876 MEDIUM
MetaCRM < 6.4.2 - Remote Code Execution via Deserialization in download.jsp AnalyzeParam
CVSS 6.3
CVE-2025-34132 CRITICAL
LILIN Digital Video Recorder <2.0b60_20200207 - Command Injection
CVE-2025-34129 HIGH
LILIN DVR <2.0b60_20200207 - Command Injection
CVE-2025-34124 HIGH
Heroes of Might and Magic III - Buffer Overflow
CVE-2025-34123 HIGH
VideoCharge Studio 2.12.3.685 - Buffer Overflow
CVE-2025-34118 HIGH
Linknat VOS Manager <2.1.9.07 - Path Traversal
CVE-2025-34300 CRITICAL
Template Injection Vulnerability in Sawtooth Software
CVE-2025-6558 HIGH KEV
Google Chrome <138.0.7204.157 - RCE
CVSS 8.8
CVE-2025-34116 HIGH
IPFire < 2.19 Core Update 101 - Authenticated Remote Command Execution via proxy.cgi NCSA User Creation Form
CVE-2025-34115 HIGH
OP5 Monitor <7.1.9 - Command Injection
CVE-2025-34113 HIGH
Tiki Wiki CMS <14.1-6.14 - Command Injection
CVE-2025-34111 CRITICAL
Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector
CVSS 9.8
CVE-2025-34108 HIGH
Disk Pulse Enterprise <9.0.34 - Buffer Overflow
CVE-2025-34105 CRITICAL
DiskBoss Enterprise <8.2.14 - Buffer Overflow
CVE-2025-47182 MEDIUM
Microsoft Edge Chromium < 138.0.3351.55 - Authenticated Security Feature Bypass via Improper Input Validation
CVSS 5.6
CVE-2025-5992 LOW
Qt <6.8.3, <6.9.1 - DoS
CVE-2025-53471 MEDIUM
Emerson ValveLink - Info Disclosure
CVSS 5.1
CVE-2025-34102 CRITICAL
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
CVE-2025-34101 CRITICAL
Serviio Media Server <1.8 - Command Injection