Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,451 vulnerabilities with CWE-20

CVE-2025-1186 MEDIUM

xunruicms < 4.6.4 - Deserialization of Untrusted Data via Thumb Argument

CVE-2025-21375 HIGH

Windows 10/11, Server 2008 - Elevation of Privilege via Kernel Streaming WOW Thunk Driver

CVE-2025-21350 MEDIUM

Windows 10 1507-24H2 and Windows Server 2008 - Denial of Service via Kerberos

CVE-2025-21194 HIGH

Microsoft Surface Firmware - Security Feature Bypass via Improper Input Validation

CVE-2025-21126 MEDIUM

Adobe InDesign < 19.5.2 - Denial of Service via Malicious File

CVE-2025-24499 HIGH

SCALANCE -<V3.0.0 - Info Disclosure

CVE-2025-1177 MEDIUM

XunRuiCMS 4.6.3 - Deserialization of Untrusted Data in Linkage Import Function

CVE-2025-24970 HIGH

Netty <4.1.118.Final - Buffer Overflow

CVE-2025-1113 MEDIUM

taisan tarzan-cms <= 1.0.0 - Deserialization of Untrusted Data via Add Theme Handler

CVE-2025-1077 CRITICAL

IBL Software Engineering Visual Weather - RCE

CVE-2025-24319 MEDIUM

F5 BIG-IP Next Central Manager 20.2.0-20.2.x - Denial of Service via API Request

CVE-2025-20184 MEDIUM

Cisco AsyncOS Software - Command Injection

CVE-2025-20183 MEDIUM

Cisco AsyncOS - Unauthenticated Antivirus Scanner Bypass via Crafted Range Request Header

CVE-2025-1026 HIGH

Spatie/Browsershot <5.0.5 - Local File Inclusion

CVE-2025-1022 HIGH

Spatie/Browsershot <5.0.5 - Info Disclosure

CVE-2025-0974 MEDIUM

MaxD Lightning Module 4.43 - Deserialization

CVE-2025-0938 MEDIUM

CPython urllib.parse - Bracketed Host Validation Bypass

CVE-2025-24504 MEDIUM

Unknown App <version> - Info Disclosure

CVE-2025-24501 MEDIUM

Broadcom Symantec Privileged Access Management 3.4.6-4.1.8 and 4.2.0 - Unauthenticated Log Tampering via HTTP Request

CVE-2025-0841 HIGH

Aridius XYZ <20240927 - Deserialization

CVE-2025-24882 MEDIUM

regclient < 0.7.1 - Digest Spoofing via Manifest Pin Bypass

CVE-2025-0734 MEDIUM

y_project RuoYi <4.8.0 - Deserialization

CVE-2025-23202 CRITICAL

Bible Module <0.0.3 - Command Injection

CVE-2025-23041 MEDIUM

Umbraco.Forms < 8.13.16, < 10.5.7 - Improper Input Validation in Character Limit Enforcement

CVE-2025-21370 HIGH

Windows 11 22H2/23H2/24H2 Elevation of Privilege in Virtualization-Based Security Enclave

Previous Page 55 of 499 Next

Details

Vulnerabilities 12,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy