CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,466 vulnerabilities with CWE-20
CVE-2023-39509 [HIGH, CVSS 7.2] Bosch CPP13 Firmware < 8.90 and CPP14 Firmware 8.20-8.81 - Authenticated OS Command Injection
CVE-2023-32728 [MEDIUM, CVSS 4.6] Zabbix Agent2 5.0.0-5.0.37 - Remote Code Execution via smart.disk.get Item Key
CVE-2023-32727 [MEDIUM, CVSS 6.8] Zabbix Server 4.0.0-4.0.48 - Authenticated Remote Code Execution via icmpping() Function
CVE-2023-46116 [CRITICAL, CVSS 9.3] Tutanota <3.118.12 - Code Injection
CVE-2023-48608 [LOW, CVSS 3.5] Adobe Experience Manager <6.5.18 - Info Disclosure
CVE-2023-33217 [HIGH, CVSS 7.5] Idemia Multiple Devices Firmware - Permanent DoS via Upgrade Mechanism
CVE-2023-6835 [MEDIUM, CVSS 4.3] WSO2 API Manager and IoT Server - Improper Input Validation in Forum Feature
CVE-2023-48631 [MEDIUM, CVSS 5.3] Adobe CSS-Tools < 4.3.2 - Denial of Service via CSS Parsing
CVE-2023-25651 [MEDIUM, CVSS 4.3] ZTE MF833U1 and MF286R Firmware - Authenticated SQL Injection via SMS Interface Parameter
CVE-2023-25650 [MEDIUM, CVSS 6.5] ZXCLOUD iRAI < 7.23.30 - Authenticated Arbitrary File Download via Request Parameter
CVE-2023-50709 [MEDIUM, CVSS 6.5] cube.js < 0.34.34 - Denial of Service via Crafted API Request
CVE-2023-50262 [MEDIUM, CVSS 5.3] dompdf < 2.0.4 - Uncontrolled Recursion via Chained SVG Image References
CVE-2023-48634 [HIGH, CVSS 7.8] Adobe After Effects <24.0.3-23.6.0 - RCE
CVE-2023-6381 [LOW, CVSS 3.3] Newsletter Software SuperMailer <11.20.0.2204 - DoS
CVE-2023-35619 [MEDIUM, CVSS 5.3] Microsoft Outlook for Mac - Spoofing via Improper Input Validation
CVE-2023-46285 [HIGH, CVSS 7.5] Siemens Opcenter Quality < V2312 - Denial of Service via Crafted Message to 4004/tcp
CVE-2023-49796 [MEDIUM, CVSS 5.3] mindsdb < 23.11.4.1 - Limited File Write via file.py
CVE-2023-48425 [CRITICAL, CVSS 9.8] Google Chromecast Firmware < 2023-10-01 - Persistent Code Execution via U-Boot Input Validation
CVE-2023-48311 [HIGH, CVSS 8.0] dockerspawner 0.11.0-12.x - Unauthenticated Arbitrary Docker Image Execution via Missing allowed_images Configuration
CVE-2023-6245 [HIGH, CVSS 7.5] Candid 0.9.0-0.9.9 - Denial of Service via Empty Data Type Parsing
CVE-2023-5058 [HIGH, CVSS 7.8] Phoenix SecureCore 4 - DoS/Code Execution
CVE-2023-49958 [HIGH, CVSS 7.5] Dallmann-consulting Open Charge Point... - Improper Input Validation
CVE-2023-39539 [HIGH, CVSS 7.5] AMI AptioV - Unrestricted Upload of Dangerous File Type via PNG Logo
CVE-2023-39538 [HIGH, CVSS 7.5] AMI AptioV - Unrestricted Upload of BMP Logo File via Local Access
CVE-2023-49248 [MEDIUM, CVSS 5.5] Huawei EMUI and HarmonyOS - Unauthorized File Access in Settings App