Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,039 vulnerabilities with CWE-20

CVE-2026-28821 HIGH

macOS <14.8.5 - Privilege Escalation

CVE-2026-20686 MEDIUM

Apple Ios And Ipados < 26.3 - Denial of Service

CVE-2026-3912 HIGH

TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

CVE-2026-33332 HIGH

NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

CVE-2026-22559 HIGH

UniFi Network Server <10.1.89 - Auth Bypass

CVE-2026-33769 MEDIUM

Astro: Remote allowlist bypass via unanchored matchPathname wildcard

CVE-2026-4755 CRITICAL

CWE-20 in MolotovCherry Android-ImageMagick7

CVE-2026-33250 HIGH

Freeciv21 <3.1.1 - DoS

CVE-2026-4538 MEDIUM

PyTorch pt2 Loading deserialization

CVE-2026-3641 MEDIUM

Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint

CVE-2026-3460 MEDIUM

REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

CVE-2026-33151 HIGH

socket.io allows an unbounded number of binary attachments

CVE-2026-4438 MEDIUM

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

CVE-2026-4519 LOW

webbrowser.open() allows leading dashes in URLs

CVE-2026-33369 MEDIUM

Zimbra Collaboration 10.0-10.1 - LDAP Injection

CVE-2026-31805 MEDIUM

Discourse has a poll authorization bypass via post_id array parameter

CVE-2026-4451 HIGH

Google Chrome <146.0.7680.153 - Sandbox Escape

CVE-2026-4342 HIGH

ingress-nginx comment-based nginx configuration injection

CVE-2026-3230 LOW

Improper key_share validation in TLS 1.3 HelloRetryRequest

CVE-2026-32622 HIGH

SQLBot: Remote Code Execution via Terminology Poisoning

CVE-2026-27953 HIGH

ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

CVE-2026-32735 LOW

Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

CVE-2026-4407 LOW

Out-of-bounds array write in Xpdf 4.06 due to missing validation

CVE-2026-20643 MEDIUM

Apple Macos < 26.3.2 (a) - Denial of Service

CVE-2026-3644 MEDIUM

Incomplete control character validation in http.cookies

Previous Page 6 of 482 Next

Details

Vulnerabilities 12,039

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy