Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,465 vulnerabilities with CWE-20

CVE-2024-2536 MEDIUM

Rank Math SEO - AI SEO Tools < 1.0.214 - Authenticated Stored Cross-Site Scripting via HowTo Block Attributes

CVE-2024-2513 MEDIUM

WP Chat App <= 3.6.2 - Authenticated Stored Cross-Site Scripting via ImageAlt Block Attribute

CVE-2024-2226 MEDIUM

Otter Blocks < 2.6.5 - Authenticated Stored Cross-Site Scripting via Google Map Block ID Parameter

CVE-2024-2165 MEDIUM

SEOPress - On-site SEO < 7.5.2.1 - Authenticated Stored Cross-Site Scripting via Image Alt Parameter

CVE-2024-2027 MEDIUM

Real Media Library < 4.22.7 - Authenticated Stored Cross-Site Scripting via Style Attributes

CVE-2024-25116 MEDIUM

RedisBloom 2.0.0-2.4.6 and 2.5.0-2.6.9 - Authenticated Denial of Service via CF.RESERVE Command

CVE-2024-31867 MEDIUM

Apache Zeppelin <0.11.1 - SQL Injection

CVE-2024-28897 MEDIUM

Windows 10 1507-22H2 and Windows 11 21H2-23H2 - Secure Boot Security Feature Bypass

CVE-2024-26253 MEDIUM

Windows rndismp6.sys - Remote Code Execution

CVE-2024-26240 HIGH

Windows 10 1507-22H2, Windows 11 21H2-23H2, Windows Server 2008-2012 - Secure Boot Security Feature Bypass

CVE-2024-26189 HIGH

Windows Secure Boot - Security Feature Bypass via Improper Input Validation

CVE-2024-20670 HIGH

Outlook for Windows < 1.2023.0322.0100 - Spoofing via Improper Input Validation

CVE-2024-31865 MEDIUM

Apache Zeppelin <0.11.1 - Privilege Escalation

CVE-2024-31862 MEDIUM

Apache Zeppelin <0.11.0 - Info Disclosure

CVE-2024-27896 HIGH

Huawei EMUI and HarmonyOS - Improper Input Validation in Log Module

CVE-2024-27912 HIGH

Lenovo Printers - Denial of Service via Crafted LPD Packets

CVE-2024-27909 MEDIUM

Lenovo Printers - Denial of Service via HTTPS Service

CVE-2024-0080 LOW

NVIDIA nvTIFF Library < 0.3.0 - Partial Denial of Service via Crafted Input File

CVE-2024-31212 MEDIUM

InstantCMS 2.16.2 - Authenticated SQL Injection via index_chart_data period Parameter

CVE-2024-29008 MEDIUM

Apache CloudStack 4.14.0.0-4.18.1.0 - Unauthenticated Host Device Attachment via Extraconfig Feature

CVE-2024-2689 MEDIUM

Temporal Server <1.20.5, 1.21.6, 1.22.7 - DoS

CVE-2024-20334 MEDIUM

Cisco TelePresence Management Suite - XSS

CVE-2024-27201 MEDIUM

Open Automation Software OAS Platform <19.00.0057 - Info Disclosure

CVE-2024-27254 MEDIUM

IBM Db2 10.5, 11.1, 11.5 - Denial of Service via Specially Crafted Query

CVE-2024-25046 MEDIUM

IBM Db2 11.1 and 11.5 - Authenticated Denial of Service via Specially Crafted Query

Previous Page 77 of 499 Next

Details

Vulnerabilities 12,465

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy