CWE-20 · Improper Input Validation

12564 CVEs classified under CWE-20 (Improper Input Validation). Browse by severity and year.

Top CVEs for CWE-20
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-48281 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
| CVE-2026-48277 | Critical | 10.0 | 2026-06-30 | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
| CVE-2026-48055 | Critical | 10.0 | 2026-06-17 | Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability… |
| CVE-2026-34910 | Critical | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-33587 | Critical | 10.0 | 2026-05-07 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker contain… |
| CVE-2026-0848 | Critical | 10.0 | 2026-03-05 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads… |
| CVE-2026-21858 | Critical | 10.0 | 2026-01-08 | n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server… |
| CVE-2025-20393 | Critical | 10.0 | 2025-12-17 | A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an u… |
| CVE-2023-41917 | Critical | 10.0 | 2024-07-02 | Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell comm… |
| CVE-2024-22476 | Critical | 10.0 | 2024-05-16 | Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation o… |
| CVE-2024-3400 | Critical | 10.0 | 2024-04-12 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS… |
| CVE-2023-51438 | Critical | 10.0 | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions… |
| CVE-2023-7163 | Critical | 10.0 | 2023-12-28 | A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could… |
| CVE-2023-42802 | Critical | 10.0 | 2023-11-02 | GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one… |
| CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2022-47190 | Critical | 10.0 | 2023-03-31 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary c… |
| CVE-2023-28100 | Critical | 10.0 | 2023-03-16 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 conta… |
| CVE-2021-44228 | Critical | 10.0 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
| CVE-2021-21322 | Critical | 10.0 | 2021-03-02 | fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is… |
| CVE-2021-21321 | Critical | 10.0 | 2021-03-02 | fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0… |