The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,039 vulnerabilities with CWE-20
CVE-2026-28421
MEDIUM
Vim <9.2.0077 - Memory Corruption
CVSS 5.3
CVE-2026-2880
CRITICAL
@fastify/middie <9.2.0 - Auth Bypass
CVSS 9.1
CVE-2026-2750
CRITICAL
Centreon Open Tickets <25.10 - Input Validation
CVSS 9.1
CVE-2026-26935
MEDIUM
Kibana - DoS
CVSS 6.5
CVE-2026-27959
HIGH
Koa <3.1.2/2.16.4 - Auth Bypass
CVSS 7.5
CVE-2026-27818
HIGH
TerriaJS-Server <4.0.3 - SSRF
CVSS 7.5
CVE-2026-25941
MEDIUM
FreeRDP 2.x-3.x - Info Disclosure
CVSS 4.3
CVE-2026-27702
CRITICAL
Budibase <3.30.4 - Code Injection
CVSS 9.9
CVE-2026-27607
HIGH
RustFS 1.0.0-alpha.56-82 - Auth Bypass
CVSS 8.1
CVE-2026-27590
CRITICAL
Caddy <2.11.1 - Path Traversal
CVSS 9.8
CVE-2026-27585
MEDIUM
Caddy <2.11.1 - Path Traversal
CVSS 6.5
CVE-2026-27642
HIGH
free5gc UDM <=1.4.1 - Info Disclosure
CVSS 7.5
CVE-2026-21864
MEDIUM
Valkey-Bloom <a68614b - DoS
CVSS 6.5
CVE-2026-27623
HIGH
Valkey 9.0.0-9.0.3 - DoS
CVSS 7.5
CVE-2026-22568
MEDIUM
ZIA Admin UI - Info Disclosure
CVSS 5.5
CVE-2026-22567
HIGH
ZIA Admin UI - Command Injection
CVSS 7.6
CVE-2026-2970
MEDIUM
datapizza-ai 0.0.2 - Deserialization
CVSS 4.6
CVE-2026-2898
MEDIUM
funadmin <7.1.0-rc4 - Deserialization
CVSS 5.5
CVE-2026-27170
HIGH
OpenSift <=1.1.2-alpha - SSRF
CVSS 7.1
CVE-2026-26953
MEDIUM
Pi-hole Admin Interface 6.0+ - XSS
CVSS 5.4
CVE-2026-26952
MEDIUM
Pi-hole Admin Interface <6.4 - XSS
CVSS 5.4
CVE-2026-26314
HIGH
go-ethereum <1.16.9 - DoS
CVSS 7.5
CVE-2026-26063
HIGH
CediPay <1.2.3 - Auth Bypass
CVE-2026-24734
HIGH
Apache Tomcat Native 1.3.0-1.3.4 - Auth Bypass
CVSS 7.5
CVE-2026-24733
LOW
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
CVSS 3.7
Details
Vulnerabilities
12,039
Exploit Likelihood
High