Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,451 vulnerabilities with CWE-20

CVE-2024-43445 MEDIUM

OTRS 7.0.x-8.0.x, 2023.x-2024.x & Community Edition 6.0.x - MIME Sniffing via Missing X-Content-Type-Options Header

CVE-2024-10846 MEDIUM

compose-go 2.1.0-2.4.0 - Authenticated Denial of Service via Malicious YAML Payload

CVE-2024-11636 MEDIUM

Email Subscribers by Icegram Express <5.7.45 - XSS

CVE-2024-42175 LOW

HCL MyXalytics - Improper Input Validation

CVE-2024-54121 MEDIUM

HarmonyOS - Improper Input Validation in Ability Module

CVE-2024-56437 MEDIUM

HarmonyOS - Denial of Service via Widget Framework Input Parameter

CVE-2024-47934 MEDIUM

TXOne Networks Portable Inspector <1.0.0 - DoS

CVE-2024-51741 MEDIUM

Redis 7.0.0-7.2.7 - Authenticated Denial of Service via Malformed ACL Selector

CVE-2024-13136 MEDIUM

wangl1989 mysiteforme 1.0 - Deserialization

CVE-2024-56321 LOW

GoCD 18.9.0-24.4.0 - Authenticated Arbitrary Script Execution via Backup Configuration Post-Backup Script

CVE-2024-12912 HIGH

ASUS Router 3.0.0.4_382-3.0.0.6_102 - OS Command Injection in AiCloud

CVE-2024-12994 MEDIUM

running-elephant Datart 1.0.0-rc3 - Deserialization

CVE-2024-12014 LOW

eSigna 1.0-1.5 - Unauthenticated Path Traversal in eSignaViewer

CVE-2024-21549 HIGH

spatie/browsershot < 5.0.3 - Arbitrary File Read via setUrl Method

CVE-2024-25131 HIGH

OpenShift Dedicated - Privilege Escalation

CVE-2024-52593 MEDIUM

Misskey 12.29.0-2024.11.0 - Improper Input Validation in NoteCreateService and ApPersonService

CVE-2024-52592 MEDIUM

Misskey 10.92.1-2024.11.0 - Unauthenticated Poll Result Modification via ApInboxService.update

CVE-2024-52591 CRITICAL

Misskey < 2024.11.0 - User Impersonation via Missing Validation in ApRequestService and HttpRequestService

CVE-2024-52590 MEDIUM

Misskey 2024.8.0-2024.11.0 - User Impersonation via ApRequestService.signedGet Validation Bypass

CVE-2024-52579 MEDIUM

Misskey < 2024.11.0 - Server-Side Request Forgery via HttpRequestService

CVE-2024-55952 HIGH

DataEase < 1.18.27 - Authenticated Remote Code Execution via JDBC Connection String Injection

CVE-2024-21544 HIGH

spatie/browsershot < 5.0.1 - Local File Inclusion via Leading Whitespace in URL

CVE-2024-47238 HIGH

Dell Embedded Box PC 3000 Firmware < 1.25.0 - Arbitrary Code Execution

CVE-2024-54101 MEDIUM

Huawei EMUI and HarmonyOS - Denial of Service in Installation Module

CVE-2024-54100 MEDIUM

Secure Input Module - Info Disclosure

Previous Page 59 of 499 Next

Details

Vulnerabilities 12,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy