Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,451 vulnerabilities with CWE-20

CVE-2025-1385 HIGH

ClickHouse - Code Injection

CVE-2025-2376 HIGH

viames Pair Framework <1.9.11 - Deserialization

CVE-2025-1767 MEDIUM

Kubernetes - Improper Input Validation in gitRepo Volume

CVE-2025-20146 HIGH

Cisco IOS XR - Unauthenticated Denial of Service via Malformed IPv4 Multicast Packets

CVE-2025-20142 HIGH

Cisco IOS XR - Unauthenticated Denial of Service via Malformed IPv4 Packet Handling

CVE-2025-27494 CRITICAL

SiPass integrated AC5102/ACC-AP <6.4.9 - Privilege Escalation

CVE-2025-27493 HIGH

Siemens Sipass Integrated Ac5102 (acc-g2) Firmware < 6.4.9 - Improper Input Validation

CVE-2025-26702 MEDIUM

ZTE GoldenDB 6.1.03-6.1.03.04 - Input Data Manipulation via Improper Input Validation

CVE-2025-0660 MEDIUM

Concrete CMS 9.0.0-9.3.9 - Stored Cross-Site Scripting in Folder Name Input

CVE-2025-2043 MEDIUM

pb-cms 1.0.0 - Deserialization of Untrusted Data via Topic Key

CVE-2025-27517 CRITICAL

livewire/volt < 1.7.0 - Remote Code Execution via Malicious Request Payload

CVE-2025-1080 HIGH

LibreOffice <24.8.5-<25.2.1 - Code Injection

CVE-2025-0958 MEDIUM

Ultimate WordPress Auction Plugin <= 4.2.9 - Authenticated Arbitrary Auction and Post Deletion

CVE-2025-0764 MEDIUM

wpForo Forum <2.4.1 - Info Disclosure

CVE-2025-1741 MEDIUM

b1gMail <7.4.1-pl1 - Deserialization

CVE-2025-0514 HIGH

LibreOffice 24.8.0-24.8.5.0 - Unauthenticated Arbitrary Windows Executable Execution via Hyperlink Activation

CVE-2025-1556 MEDIUM

westboy CicadasCMS 1.0 - Deserialization of Untrusted Data in Template Management

CVE-2025-0424 MEDIUM

bestinformed Web - Authenticated XSS

CVE-2025-0423 MEDIUM

Cordaware bestinformed Web < 6.2.2.5 - Unauthenticated Stored Cross-Site Scripting

CVE-2025-0422 HIGH

bestinformed Web - Authenticated RCE

CVE-2025-0178 MEDIUM

WatchGuard Fireware OS <12.11 - XSS

CVE-2025-0816 MEDIUM

Schneider Electric Enerlin'X IFE and eIFE - Denial of Service via Malicious IPv6 Packets

CVE-2025-0815 MEDIUM

Schneider Electric Enerlin'X IFE (LV434001) & eIFE (LV851001) DoS via ICMPv6

CVE-2025-0814 MEDIUM

Schneider Electric Enerlin'X IFE and eIFE - Denial of Service via Malicious IEC61850-MMS Packets

CVE-2025-26358 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated System Configuration Modification via HTTP Requests

Previous Page 54 of 499 Next

Details

Vulnerabilities 12,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy