Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,462 vulnerabilities with CWE-20

CVE-2024-6973 HIGH

Cato Windows SDP Client < 5.10.34 - Remote Code Execution via Crafted URLs

CVE-2024-7340 HIGH

Weave < 0.50.8 - Path Traversal and Arbitrary File Read via Server API

CVE-2024-39950 HIGH

Dahua NVR4104-4KS2/L < 4.003.0000000.1.r.240515 - Stack-based Buffer Overflow

CVE-2024-39949 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Reachable Assertion

CVE-2024-39948 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Improper Input Validation

CVE-2024-39944 HIGH

Dahuasecurity Nvr4104-4ks2/l Firmware - Improper Input Validation

CVE-2024-41945 LOW

fuels-ts < 0.93.0 - Transaction Failure via UTXO Reuse in Account Fund Function

CVE-2024-5969 MEDIUM

AIomatic < 2.0.5 - Unauthenticated Arbitrary Email Sending via aiomatic_send_email Function

CVE-2024-41120 CRITICAL

streamlit-geospatial < 2024-07-19 - Server-Side Request Forgery via URL Parameter in Vector Data Visualization

CVE-2024-41119 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsafe eval() on vis_params Input

CVE-2024-41117 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params eval Injection

CVE-2024-41116 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params Eval Injection

CVE-2024-41115 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsanitized Palette Input in eval()

CVE-2024-41114 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsanitized Palette Input

CVE-2024-41113 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params eval Injection

CVE-2024-41112 CRITICAL

streamlit-geospatial < 2024-07-19 - Remote Code Execution via Palette Variable Eval Injection

CVE-2024-35296 HIGH

Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - Denial of Service via Invalid Accept-Encoding Header

CVE-2024-25090 MEDIUM

Apache Roller 5.0.0-6.1.2 - Authenticated Stored Cross-Site Scripting in Profile and Bookmark Features

CVE-2024-3938 MEDIUM

dotcms 5.1.5-23.01.18 - HTML Injection via Reset Password URL Parameter

CVE-2024-29068 MEDIUM

snapd < 2.62 - Denial of Service via Non-Regular File Extraction

CVE-2024-41839 LOW

Adobe Experience Manager < 6.5.21.0 and < 2024.5.0 - Security Feature Bypass via Improper Input Validation

CVE-2024-7014 HIGH

Telegram < 10.14.5 - Malicious App Disguised as Video via EvilVideo Vulnerability

CVE-2024-32007 HIGH

Apache CXF <4.0.5, 3.6.4, 3.5.9 - DoS

CVE-2024-40642 HIGH

netty-incubator-codec-ohttp < 0.0.13 - HTTP Request Smuggling and Injection via BinaryHttpParser

CVE-2024-23469 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Remote Code Execution

Previous Page 69 of 499 Next

Details

Vulnerabilities 12,462

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy