Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,039 vulnerabilities with CWE-20

CVE-2026-3470 LOW

SonicWall Email Security <=10.0.34.8215 - Data Corruption

CVE-2026-3469 LOW

Sonicwall Email Security - Denial of Service

CVE-2026-34383 MEDIUM

Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

CVE-2026-31799 MEDIUM

Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

CVE-2026-33029 MEDIUM

Nginx UI: DoS via Negative Integer Input in Logrotate Interval

CVE-2026-30077 HIGH

OpenAirInterface V2.2.0 - DoS

CVE-2026-29909 MEDIUM

MRCMS 3.1.2 - Path Traversal

CVE-2026-4987 HIGH

SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

CVE-2026-33936 MEDIUM

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

CVE-2026-33894 HIGH

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

CVE-2026-33882 MEDIUM

Statamic's Markdown preview endpoint exposes sensitive user data

CVE-2026-30576 HIGH

SourceCodester Pharmacy Product Management System 1.0 - Business Logic

CVE-2026-30575 HIGH

SourceCodester Pharmacy Product Management System 1.0 - DoS

CVE-2026-33758 MEDIUM

OpenBao has Reflected XSS in its OIDC authentication error message

CVE-2026-33284 MEDIUM

GlobalLeaks has insufficient URL validation in user support API

CVE-2026-30304 CRITICAL

AI Code 3.12.4 - Command Injection

CVE-2026-4982 HIGH

Unauthorized access to chat contents

CVE-2026-33729 CRITICAL

OpenFGA has an Authorization Bypass through cached keys

CVE-2026-29905 MEDIUM

Kirby CMS through 5.1.4 - DoS

CVE-2026-4860 HIGH

648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

CVE-2026-33287 HIGH

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

CVE-2026-33285 HIGH

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

CVE-2026-33218 HIGH

NATS has pre-auth server panic via leafnode handling

CVE-2026-28894 HIGH

Apple Ios And Ipados < 26.4 - Denial of Service

CVE-2026-28852 MEDIUM

Apple Ios And Ipados < 18.7.7 - Denial of Service

Previous Page 5 of 482 Next

Details

Vulnerabilities 12,039

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy