CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,465 vulnerabilities with CWE-20
CVE-2024-23706 HIGH
Android - Local Privilege Escalation via Health Data Permission Bypass
CVSS 7.8
CVE-2024-23705 HIGH
Android - Local Privilege Escalation via Improper Input Validation
CVSS 7.8
CVE-2024-0022 MEDIUM
Android - Local Information Disclosure via CompanionDeviceManagerService Input Validation
CVSS 5.5
CVE-2024-32371 HIGH
HSC Cybersecurity HC Mailinspector <5.2.18 - Privilege Escalation
CVSS 7.5
CVE-2024-21476 HIGH
Qualcomm AQT1000 Firmware - Memory Corruption via Unvalidated Channel ID
CVSS 7.8
CVE-2024-4548 CRITICAL
DIAEnergie SQL Injection (CVE-2024-4548)
CVSS 9.8
CVE-2024-4547 CRITICAL
Delta Electronics DIAEnergie < 1.10.01.004 - Unauthenticated SQL Injection via RecalculateScript Message Fourth Field
CVSS 9.8
CVE-2024-20064 HIGH
wlan service - Privilege Escalation
CVSS 7.8
CVE-2024-20056 MEDIUM
rdk-b - Local Privilege Escalation via Insecure Default Value
CVSS 6.7
CVE-2024-34473 MEDIUM
O-RAN Near-RT RIC I-Release - Privilege Escalation
CVSS 5.3
CVE-2024-33792 CRITICAL
netis-systems MEX605 v2.00.06 - OS Command Injection via Tracert Page
CVSS 9.8
CVE-2024-4003 MEDIUM
Essential Addons for Elementor - WooCommerce Builders <5.9.15 - XSS
CVSS 6.4
CVE-2024-3747 MEDIUM
Blocksy <= 2.0.39 - Authenticated Stored Cross-Site Scripting via About Me Block className Parameter
CVSS 6.4
CVE-2024-2867 MEDIUM
ProfilePress <= 4.15.4 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2024-2751 MEDIUM
Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated Stored XSS via exad_infobox_animating_mask_style
CVSS 6.4
CVE-2024-25290 HIGH
Casa Systems NL1901ACV R6B032 - RCE
CVSS 8.0
CVE-2024-0710 MEDIUM
GP Unique ID plugin <1.5.5 - Info Disclosure
CVSS 5.3
CVE-2024-31965 MEDIUM
Mitel 6800/6900 SIP Phones Path Traversal Vulnerability
CVSS 4.2
CVE-2024-4142 CRITICAL
JFrog Artifactory - Privilege Escalation
CVSS 9.0
CVE-2024-23335 MEDIUM
MyBB < 1.8.38 - Unauthenticated Backup File Exposure via .htaccess Deletion
CVSS 4.7
CVE-2024-3096 MEDIUM
PHP 8.1.0-8.1.27, 8.2.0-8.2.17, 8.3.0-8.3.4 - Authentication Bypass via Null Byte Prefix in Hashed Password
CVSS 6.5
CVE-2024-2756 MEDIUM
PHP 8.1.* < 8.1.28, 8.2.* < 8.2.18, 8.3.* < 8.3.5 - Cookie Prefix Spoofing via Insecure Cookie Handling
CVSS 6.5
CVE-2024-32646 MEDIUM
vyperlang/vyper < 0.4.0 - Double Evaluation Vulnerability via Slice Builtin
CVSS 5.3
CVE-2024-32645 MEDIUM
vyperlang/vyper < 0.4.0 - Incorrect Topic Logging via RawLog Builtin
CVSS 5.3
CVE-2024-28240 HIGH
glpi_agent < 1.7.2 - Denial of Service and Privilege Escalation via MSI Configuration
CVSS 7.3