Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,465 vulnerabilities with CWE-20

CVE-2024-1854 MEDIUM

Essential Blocks < 4.5.1 - Authenticated Stored Cross-Site Scripting via blockId Parameter

CVE-2024-0161 HIGH

Dell PowerEdge Server BIOS - Arbitrary SMRAM Write via Improper SMM Communication Buffer Verification

CVE-2024-27894 HIGH

Pulsar Functions Worker - Code Injection

CVE-2024-27135 HIGH

Apache Pulsar 2.4.0-2.10.5, 2.11.0-2.11.3, 3.0.0-3.0.2, 3.1.0-3.1.2, 3.2.0 - Remote Code Execution

CVE-2024-26197 MEDIUM

Windows Server 2012, 2016, 2019, 2022 DoS in Standards-Based Storage Management Service

CVE-2024-26181 MEDIUM

Windows Kernel - Denial of Service via Improper Input Validation

CVE-2024-26173 HIGH

Windows Kernel - Elevation of Privilege via Improper Input Validation

CVE-2024-26170 HIGH

Windows 10/11, Server 2022 Elevation of Privilege in Composite Image File System

CVE-2024-26164 HIGH

Microsoft Django Backend for SQL Server < 1.4.1 - Remote Code Execution

CVE-2024-21448 MEDIUM

Microsoft Teams < 1.0.0.2024022302 - Information Disclosure

CVE-2024-26002 HIGH

CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Privilege Escalation via Qualcom plctool File Ownership Change

CVE-2024-25999 HIGH

CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Privilege Escalation via OCPP Agent Service

CVE-2024-25997 MEDIUM

CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Log Injection via Improper Input Validation

CVE-2024-25995 CRITICAL

PHOENIX CONTACT CHARX SEC-3000/3050/3100/3150 < 1.5.1 - RCE & DoS via Input Validation

CVE-2024-23717 HIGH

Android - Keystroke Injection via Improper Input Validation in btm_sec.cc

CVE-2024-0045 MEDIUM

Android - Out-of-bounds Read in smp_proc_sec_req

CVE-2024-2339 HIGH

PostgreSQL Anonymizer 1.2 - Privilege Escalation via Malicious Masking Function

CVE-2024-27613 HIGH

Numbas editor <7.3 - Info Disclosure

CVE-2024-27612 MEDIUM

Numbas editor <7.3 - Info Disclosure

CVE-2024-23294 HIGH

macOS < 14.4 - Remote Code Execution

CVE-2024-23263 MEDIUM

Safari < 17.4 - Content Security Policy Bypass via Malicious Web Content

CVE-2024-23246 HIGH

iPadOS < 16.7.6 - Sandbox Escape via Improper Input Validation

CVE-2024-1534 MEDIUM

Booster for WooCommerce <= 7.1.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes

CVE-2024-27931 MEDIUM

Deno < 1.41.1 - Path Traversal via Temp File API Parameter Injection

CVE-2024-20034 HIGH

Android - Local Privilege Escalation via Missing Bounds Check in Battery Component

Previous Page 79 of 499 Next

Details

Vulnerabilities 12,465

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy