CWE-20 · Improper Input Validation
12564 CVEs classified under CWE-20 (Improper Input Validation). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-48281 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
| CVE-2026-48277 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
| CVE-2026-48055 | Critical | 10.0 | 2026-06-17 | Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability… |
| CVE-2026-34910 | Critical | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-33587 | Critical | 10.0 | 2026-05-07 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker contain… |
| CVE-2026-0848 | Critical | 10.0 | 2026-03-05 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads… |
| CVE-2026-21858 | Critical | 10.0 | 2026-01-08 | n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server… |
| CVE-2025-20393 | Critical | 10.0 | 2025-12-17 | A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an u… |
| CVE-2023-41917 | Critical | 10.0 | 2024-07-02 | Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell comm… |
| CVE-2024-22476 | Critical | 10.0 | 2024-05-16 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation o… |
| CVE-2024-3400 | Critical | 10.0 | 2024-04-12 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS… |
| CVE-2023-51438 | Critical | 10.0 | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions… |
| CVE-2023-7163 | Critical | 10.0 | 2023-12-28 | A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could… |
| CVE-2023-42802 | Critical | 10.0 | 2023-11-02 | GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one… |
| CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2022-47190 | Critical | 10.0 | 2023-03-31 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary c… |
| CVE-2023-28100 | Critical | 10.0 | 2023-03-16 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 conta… |
| CVE-2021-44228 | Critical | 10.0 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
| CVE-2021-21322 | Critical | 10.0 | 2021-03-02 | fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is… |
| CVE-2021-21321 | Critical | 10.0 | 2021-03-02 | fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0… |