Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,449 vulnerabilities with CWE-20

CVE-2025-30471 HIGH

iPadOS < 18.4 - Denial of Service via Input Validation Issue

CVE-2025-30452 CRITICAL

macOS < 13.7.5, < 14.7.5, < 15.4 - Input Validation Issue

CVE-2025-24255 HIGH

macOS < 13.7.5, < 14.7.5, < 15.4 - Sandbox Escape via Improved Input Validation

CVE-2025-24191 MEDIUM

macOS < 15.4 - Unprotected User Data Exposure via Environment Variable Validation

CVE-2025-1736 HIGH

PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in Header Handling

CVE-2025-1734 MEDIUM

PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in HTTP Header Parsing

CVE-2025-1217 LOW

PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure

CVE-2025-2855 MEDIUM

eladmin < 2.7 - Deserialization of Untrusted Data via /api/deploy/upload checkFile Function

CVE-2025-30355 HIGH

Synapse < 1.127.1 - Denial of Service via Malicious Federation Events

CVE-2025-20227 MEDIUM

Splunk <9.4.1, <9.3.3, <9.2.5, <9.1.8 - Info Disclosure

CVE-2025-1440 MEDIUM

Advanced iFrame < 2024.5 - Unauthenticated Excessive Option Creation in aip_map_url_callback

CVE-2025-1514 HIGH

WooCommerce Use Constructor - Info Disclosure

CVE-2025-30213 HIGH

Frappe < 14.91.0 - Remote Code Execution via Document Creation

CVE-2025-24514 HIGH

ingress-nginx < 1.11.5 and 1.12.0 - Remote Code Execution via auth-url Annotation Injection

CVE-2025-24513 MEDIUM

ingress-nginx < 1.11.5 and 1.12.0 - Directory Traversal via Admission Controller Filename Handling

CVE-2025-1098 HIGH

Kubernetes ingress-nginx mirror annotations - Controller Code Execution

CVE-2025-1097 HIGH

Kubernetes ingress-nginx auth-tls-match-cn - Controller Code Execution

CVE-2025-23204 MEDIUM

API Platform Core 3.3.8-3.3.14 - Improper Input Validation in GraphQL Resolver Security Check

CVE-2025-2690 MEDIUM

Yii 2.0.0-2.0.39 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-2689 MEDIUM

Yii 2.0.0-2.0.45 - Deserialization of Untrusted Data in SortableIterator

CVE-2025-2622 MEDIUM

aizuda snail-job 1.4.0 - Deserialization

CVE-2025-29814 CRITICAL

Microsoft Partner Center - Privilege Escalation via Improper Authorization

CVE-2025-29923 LOW

go-redis <9.5.5, 9.6.3, 9.7.3 - Info Disclosure

CVE-2025-1385 HIGH

ClickHouse - Code Injection

CVE-2025-2376 HIGH

viames Pair Framework <1.9.11 - Deserialization

Previous Page 53 of 498 Next

Details

Vulnerabilities 12,449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy