Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,465 vulnerabilities with CWE-20

CVE-2024-20017 CRITICAL

MediaTek WLAN Service - Zero-Click Remote Code Execution

CVE-2024-25016 HIGH

IBM MQ 9.0.0.0-9.0.0.22 & MQ Appliance 9.3.0.0-9.3.4.9 - DoS via Buffering Logic

CVE-2024-27092 MEDIUM

Hoppscotch <2023.12.5 - Info Disclosure

CVE-2024-27093 MEDIUM

Minder < 0.0.31 - Denial of Service via Invalid Repository Upstream ID

CVE-2024-27447 CRITICAL

pretix < 2024.1.1 - Improper Input Validation

CVE-2024-23320 HIGH

Apache DolphinScheduler < 3.2.1 - Authenticated Remote Code Execution via JavaScript Injection

CVE-2024-26151 HIGH

mjml-python 0.10.0-0.10.9 - Cross-Site Scripting via Unsanitized Template Input

CVE-2024-1714 HIGH

SailPoint IdentityIQ - Authenticated Access Request Bypass via Entitlement Whitespace Handling

CVE-2024-22054 HIGH

UniFi Devices < 6.6.61 DoS via Malformed Discovery Packet

CVE-2024-25974 MEDIUM

OpenOlat < 18.1.6 - Authenticated Stored Cross-Site Scripting via SVG Upload

CVE-2024-25973 MEDIUM

OpenOlat < 18.1.6 - Stored Cross-Site Scripting via Group/Catalog/Curriculum Name Fields

CVE-2024-1638 HIGH

Zephyr < 3.5.0 - Improper Input Validation in Bluetooth LE Secure Connection Permission Checks

CVE-2024-0021 HIGH

Android - Local Privilege Escalation via Notification Listener Logic Error

CVE-2024-0031 CRITICAL

Android - Remote Code Execution via Improper Input Validation in attp_build_read_by_type_value_cmd

CVE-2024-20733 MEDIUM

Acrobat Reader <20.005.30539-23.008.20470 - DoS

CVE-2024-1471 MEDIUM

Tenable Security Center < 6.3.0 - Authenticated HTML Injection via Repository Parameters

CVE-2024-24696 MEDIUM

Zoom Desktop Client/VDI Client/Meeting SDK - Info Disclosure

CVE-2024-24695 MEDIUM

Zoom Desktop Client for Windows - Info Disclosure

CVE-2024-1378 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Nomad SMTP Template

CVE-2024-1374 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Nomad Templates

CVE-2024-1372 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via SAML Settings

CVE-2024-1369 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Management Console Collectd Configuration

CVE-2024-1359 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via HTTP Proxy Setup

CVE-2024-1355 CRITICAL

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Management Console Service URL

CVE-2024-1354 HIGH

GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via syslog-ng Configuration

Previous Page 80 of 499 Next

Details

Vulnerabilities 12,465

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy