Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,423 vulnerabilities with CWE-20

CVE-2026-10916 MEDIUM

Google Chrome - Improper Input Validation

CVE-2026-10912 MEDIUM

Google Chrome - Improper Input Validation

CVE-2026-10911 HIGH

Google Chrome - Improper Input Validation

CVE-2026-10904 HIGH

Google Chrome - Arbitrary Code Execution

CVE-2026-36175 MEDIUM

GNCC GP5 v7.1.76 - Authentication Bypass via U-Boot Kernel Boot Argument Injection

CVE-2026-10863 HIGH

MISP User-controlled order parameter in correlations over-correlation endpoint

CVE-2026-37460 HIGH

FRRouting stable/10.0-10.6 - Denial of Service via Crafted BGP UPDATE Message

CVE-2026-35081 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - ugw-logstop Process Termination

CVE-2026-47201 HIGH

authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

CVE-2026-35049 MEDIUM

wire-ios has Persistent Remote DoS via Integer Underflow

CVE-2026-45685 HIGH

OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages

CVE-2026-45678 HIGH

OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

CVE-2026-45676 MEDIUM

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

CVE-2026-44367 LOW

Klaw: user lockout due to case sensitivity inconsistency

CVE-2026-7195 HIGH

CWE-20: Improper Input Validation in web services in Progress Sitefinity

CVE-2026-3620 MEDIUM

Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter

CVE-2026-10566 MEDIUM

FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization

CVE-2026-28578 MEDIUM

Android 15-16 DevicePolicyManagerService - Local Denial of Service

CVE-2026-0085 MEDIUM

Android 14-16 DataRowHandler - Local Contact Name Denial of Service

CVE-2026-0078 HIGH

Android 14-16 DevicePolicyManagerService - Local Privilege Escalation

CVE-2026-0070 MEDIUM

DevicePolicyManagerService.java - Unauthenticated Local Denial of Service via Improper Input Validation

CVE-2026-0051 MEDIUM

Android 14-16 UBSan Runtime - Remote Input Validation Denial of Service

CVE-2026-0018 MEDIUM

AccessibilityManagerService.java - Denial of Service via Improper Input Validation

CVE-2026-30963 LOW

Capsule < 0.13.0 - Namespace Hijacking via Unvalidated Subresource Update

CVE-2026-22872 CRITICAL

Capsule < 0.13.0 - Authenticated Privilege Escalation via TenantResource RawItems Processing

Previous Page 8 of 497 Next

Details

Vulnerabilities 12,423

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy