CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,448 vulnerabilities with CWE-20
CVE-2025-34100 CRITICAL
BuilderEngine 3.5.0 - Code Injection
CVE-2025-34099 CRITICAL
VICIdial <2.13 RC1 - Command Injection
CVE-2025-6377 HIGH
Rockwell Automation Arena < 16.20.09 - Remote Code Execution via Crafted DOE File
CVSS 7.8
CVE-2025-6376 HIGH
Rockwell Automation Arena < 16.20.09 - Remote Code Execution via Crafted DOE File
CVSS 7.8
CVE-2025-53652 HIGH
Jenkins Git Parameter Plugin <439 - Command Injection
CVSS 8.2
CVE-2025-44526 MEDIUM
Realtek RTL8762E SDK V1.4.0 - Denial of Service via BLE LL_Length_Req Packet
CVSS 6.5
CVE-2025-7378 MEDIUM
ASUSTOR ADM <4.3.1.R5A1 - Info Disclosure
CVE-2025-7216 HIGH
lty628 Aidigu <1.8.2 - Deserialization
CVSS 7.3
CVE-2025-49719 HIGH
Microsoft SQL Server 2016-2022 Unauthenticated Information Disclosure via Network Input
CVSS 7.5
CVE-2025-47982 HIGH
Windows Storage VSP Driver - Privilege Escalation
CVSS 7.8
CVE-2025-40593 MEDIUM
SIMATIC CN 4100 < 4.0 - Denial of Service via Arbitrary File Write in SFTP Folder
CVSS 6.5
CVE-2025-24005 HIGH
CHARX SEC-3000/3050/3100/3150 Firmware < 1.7.3 - Authenticated Privilege Escalation via SSH Script
CVSS 7.8
CVE-2025-24002 MEDIUM
PHOENIX CONTACT CHARX SEC-3000/3050/3100/3150 Firmware < 1.6.5 - Unauthenticated Denial of Service via MQTT Messages
CVSS 5.3
CVE-2025-26780 HIGH
Samsung Exynos 2400 and Modem 5400 Firmware - Denial of Service via Malformed PDCP Packet
CVSS 7.5
CVE-2025-3777 LOW
Hugging Face Transformers <4.49.0 - Info Disclosure
CVSS 3.5
CVE-2025-7099 MEDIUM
BoyunCMS < 1.21 - Deserialization via Install Handler db_host Argument
CVSS 5.6
CVE-2025-7060 MEDIUM
Monitorr <= 1.7.6m - Improper Input Validation in Installer via datadir Argument
CVSS 4.1
CVE-2025-53502 MEDIUM
Mediawiki - FeaturedFeeds Ext <1.43.X - XSS
CVSS 6.5
CVE-2025-6563 MEDIUM
MikroTik RouterOS < 7.19.2 - Cross-Site Scripting via Hotspot DST Parameter
CVE-2025-52891 MEDIUM
ModSecurity <2.9.11 - Buffer Overflow
CVSS 6.5
CVE-2025-34072 CRITICAL
Anthropic's Slack Model Context Protocol Server - Info Disclosure
CVE-2025-27023 MEDIUM
Infinera G42 R6.1.3 - Info Disclosure
CVSS 6.5
CVE-2025-34060 CRITICAL
Monero Project's Laravel-based forum < - Code Injection
CVE-2025-34056 CRITICAL
AVTECH IP camera - Command Injection
CVE-2025-34055 CRITICAL
AVTECH DVR-NVR-IP Camera - Command Injection