Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,456 vulnerabilities with CWE-20

CVE-2024-38189 HIGH KEV

Microsoft Project 2016 < 16.0.5461.1001 - Remote Code Execution

CVE-2024-41976 HIGH

Siemens SCALANCE and RUGGEDCOM Firmware < 8.1 - Authenticated Remote Code Execution via VPN Configuration Input

CVE-2024-41940 CRITICAL

SINEC NMS < 3.0 - Authenticated OS Command Injection via Privileged Command Queue

CVE-2024-7512 MEDIUM

Concrete CMS 9.0.0-9.3.2 - Stored Cross-Site Scripting in Board Instances

CVE-2024-30188 HIGH

Apache DolphinScheduler <3.2.2 - Info Disclosure

CVE-2024-29831 HIGH

Apache DolphinScheduler < 3.2.2 - Authenticated Remote Code Execution via Switch Task Plugin

CVE-2024-6254 MEDIUM

Brizy - Page Builder <= 2.5.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-7005 MEDIUM

Google Chrome <127.0.6533.72 - Auth Bypass

CVE-2024-7004 MEDIUM

Google Chrome < 127.0.6533.72 - Discretionary Access Control Bypass via Safe Browsing Input Validation

CVE-2024-23483 HIGH

Zscaler Client Connector < 4.2 - OS Command Injection

CVE-2024-6915 CRITICAL

JFrog Artifactory <7.90.6-7.59.23 - Cache Poisoning

CVE-2024-21978 MEDIUM

AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Unauthenticated Memory Read/Write via SEV-SNP Input Validation

CVE-2024-40721 HIGH

TCBServiSign < 1.0.24.0318 - Unauthenticated DLL Loading via Improper Input Validation

CVE-2024-40720 HIGH

TCBServiSign Windows < 1.0.24.0318 - Unauthenticated Arbitrary Command Execution via Registry Modification

CVE-2024-38879 HIGH

Omnivise T3000 Application Server R9.2, R8.2 SP3, R8.2 SP4 - Unauthenticated Bypass via Exposed Internal Port

CVE-2024-42458 CRITICAL

neatvnc < 0.8.1 - Improper Input Validation in Security Type Handling

CVE-2024-4353 MEDIUM

Concrete CMS 9.0.0-9.3.2 - Stored Cross-Site Scripting in Dashboard Board Name Input

CVE-2024-23600 LOW

PingIDM 7.0.0-7.4.9 - Information Disclosure via Query Filter Module

CVE-2024-6978 MEDIUM

Cato Networks SDP Client < 5.10.28 - Unauthenticated Local Root Certificate Installation

CVE-2024-6973 HIGH

Cato Windows SDP Client < 5.10.34 - Remote Code Execution via Crafted URLs

CVE-2024-7340 HIGH

Weave < 0.50.8 - Path Traversal and Arbitrary File Read via Server API

CVE-2024-39950 HIGH

Dahua NVR4104-4KS2/L < 4.003.0000000.1.r.240515 - Stack-based Buffer Overflow

CVE-2024-39949 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Reachable Assertion

CVE-2024-39948 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Improper Input Validation

CVE-2024-39944 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Improper Input Validation

Previous Page 68 of 499 Next

Details

Vulnerabilities 12,456

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy