CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,448 vulnerabilities with CWE-20
CVE-2025-53076 CRITICAL
Samsung rLottie V0.2 - Buffer Overread via Improper Input Validation
CVSS 9.8
CVE-2025-53075 CRITICAL
Samsung rLottie V0.2 - Path Traversal
CVSS 9.8
CVE-2025-5878 HIGH
ESAPI esapi-java-legacy - SQL Injection
CVSS 7.3
CVE-2025-34047 HIGH
Leadsec SSL VPN - Unauthenticated Path Traversal and Arbitrary File Read via ostype Parameter
CVE-2025-34043 CRITICAL
Vacron NVR v1.4 - Command Injection
CVE-2025-6709 HIGH
MongoDB 6.0.0-6.0.20 - Authenticated Denial of Service via Malicious JSON Date Values in OIDC Authentication
CVSS 7.5
CVE-2025-6703 MEDIUM
Mozilla neqo 0.4.24-0.13.2 - Denial of Service via Improper Input Validation
CVSS 6.5
CVE-2025-6444 MEDIUM
ServiceStack < 8.6 - NTLM Relay via GetErrorResponse Type Confusion
CVSS 5.9
CVE-2025-52894 HIGH
OpenBao < 2.3.0 - Unauthenticated Denial of Service via Rekey Operation Cancellation
CVSS 7.5
CVE-2025-52569 MEDIUM
GitForge.jl <5.9.1 - Path Traversal
CVE-2025-50178 MEDIUM
GitForge.jl <0.4.3 - Path Traversal
CVE-2025-52568 HIGH
NeKernal <0.0.3 - Memory Corruption
CVE-2025-6547 CRITICAL
pbkdf2 <=3.1.2 - Signature Spoofing
CVE-2025-6545 CRITICAL
pbkdf2 3.0.10-3.1.2 - Signature Spoofing via Improper Input Validation in lib/to-buffer.js
CVE-2025-4563 LOW
Kubernetes 1.32.0-1.32.5 and 1.33.0-1.33.1 - Privilege Escalation via NodeRestriction Bypass
CVSS 2.7
CVE-2025-34021 HIGH
Selea Targa IP OCR-ANPR Camera - Server-Side Request Forgery via JSON POST Parameters
CVE-2025-6279 MEDIUM
Upsonic < 0.55.6 - Remote Code Execution via cloudpickle.loads Deserialization
CVSS 5.5
CVE-2025-29646 HIGH
open5gs < 2.7.2 - Denial of Service via Crafted PFCP SessionEstablishmentRequest Packet
CVSS 7.1
CVE-2025-6240 MEDIUM
Profisee 2020R1-2024R1 - Authenticated Path Traversal in Filesystem Modules
CVE-2025-1088 LOW
Grafana < 11.6.2 - Denial of Service via Excessively Long Dashboard Title or Panel Name
CVSS 2.7
CVE-2025-49081 MEDIUM
Absolute Secure Access < 13.55 - Authenticated Denial of Service via Warehouse Component
CVSS 4.9
CVE-2025-4613 HIGH
Google Web Designer <16.3.0.0407 - Path Traversal
CVSS 8.8
CVE-2025-47096 LOW
Adobe Experience Manager < 6.5.23.0 and < 2025.5.0 - Security Feature Bypass via Improper Input Validation
CVSS 3.5
CVE-2025-0052 HIGH
Pure Storage FlashBlade - DoS via Authentication Input Validation
CVE-2025-0051 HIGH
Pure Storage FlashArray - Denial of Service via Authentication Input Validation
Details
Vulnerabilities: 12,448
Exploit Likelihood: High