Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-20

CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20

CVE-2023-36407 HIGH

Windows Hyper-V - Privilege Escalation

CVE-2023-36406 MEDIUM

Windows 11/Server 2022 Information Disclosure (21H2<22000.2600, 22H2<22621.2715, 23H2<22631.2715, Server 23H2<25398.531)

CVE-2023-36021 HIGH

Microsoft On-Prem Data Gateway - Privilege Escalation

CVE-2023-6073 MEDIUM

Volkswagen ID.3 Firmware < 3.2 - Denial of Service and Volume Setting Spoofing via REST API

CVE-2023-45167 MEDIUM

IBM AIX 7.3 - Denial of Service via Python Uncontrolled Resource Consumption

CVE-2023-5079 HIGH

Lenovo LeCloud App - Info Disclosure

CVE-2023-43570 MEDIUM

Lenovo IdeaCentre and ThinkCentre Firmware - Authenticated Arbitrary Code Execution via SMI Callback Function

CVE-2023-47107 HIGH

PILOS 2.0.0-2.2.9 - Password Reset Token Disclosure via Host Header Manipulation

CVE-2023-6012 HIGH

Lanaccess ONSAFE MonitorHM <3.7.0 - RCE

CVE-2023-46763 MEDIUM

Framework Module - Privilege Escalation

CVE-2023-39913 HIGH

Apache UIMA Java SDK < 3.5.0 - Remote Code Execution via Untrusted Java Deserialization

CVE-2023-46851 MEDIUM

Apache Allura <1.16.0 - Info Disclosure

CVE-2023-42527 MEDIUM

Samsung Android - Information Exposure via ProcessWriteFile Input Validation

CVE-2023-28574 CRITICAL

Qualcomm Diag Handler Firmware - Memory Corruption

CVE-2023-21671 CRITICAL

Qualcomm FastConnect and QCA6391/QCM6490/QCS6490/QSM8350 Firmware - Memory Corruption in Sectools Fuse

CVE-2023-5964 CRITICAL

1E Platform < 23.0 - Remote Code Execution via End-User Interaction DisplayMessage Instruction

CVE-2023-45163 CRITICAL

1E Platform < 18.1 - Remote Code Execution via CommandLinePing Instruction Input

CVE-2023-45161 CRITICAL

1e platform < 20.1 - Remote Code Execution via URL Parameter in 1E-Exchange-URLResponseTime Instruction

CVE-2023-3893 HIGH

kubernetes-csi/csi-proxy <1.1.3 and 2.0.0-alpha.0 - Privilege Escalation via Pod Creation

CVE-2023-4043 MEDIUM

Eclipse Parsson <1.1.4-1.0.5 - Info Disclosure

CVE-2023-5763 MEDIUM

Eclipse Glassfish 5.0.0-6.2.4 - Remote Code Execution via Insecure ORB Listeners

CVE-2023-41355 CRITICAL

Chunghwa Telecom NOKIA G-040W-Q - DoS

CVE-2023-42802 CRITICAL

GLPI 10.0.7-10.0.9 - Unrestricted Upload of File with Dangerous Type via Unverified Object Instantiation

CVE-2023-20255 MEDIUM

Cisco Meeting Server < 3.6.1 - Unauthenticated Denial of Service via Web Bridge API HTTP Request

CVE-2023-20063 HIGH

Cisco Firepower 6.2.3 Authenticated RCE via Expert Mode Command Injection

Previous Page 91 of 499 Next

Details

Vulnerabilities 12,467

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy