CWE-20
Improper Input Validation
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 300
- CVE-2026-45013 · High · 8.1 · EPSS 0% · 1 d ago
  ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived directly from the attacker-controlled HTT
  npm
- CVE-2026-12016 · High · 8.3 · EPSS 0% · 1 d ago
  Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severit
- CVE-2026-12017 · Low · 3.1 · EPSS 0% · 1 d ago
  Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-47430 · — · EPSS 0% · 1 d ago
  Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
  npm
- CVE-2026-46669 · High · 7.5 · EPSS 0% · 1 d ago
  OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.
- CVE-2026-50632 · High · 8.1 · EPSS 0% · 1 d ago
  A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS f
- CVE-2026-50633 · High · 8.1 · EPSS 0% · 1 d ago
  A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Use
- CVE-2026-12025 · Medium · 5.3 · EPSS 0% · 1 d ago
  Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity
- CVE-2026-12034 · High · 8.3 · EPSS 0% · 1 d ago
  Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious
- CVE-2026-12009 · High · 8.3 · EPSS 0% · 1 d ago
  Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2026-44811 · High · 7.8 · EPSS 0% · 1 d ago
  Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-48569 · High · 7.1 · EPSS 0% · 1 d ago
  Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- CVE-2021-30900 · High · 7.8 · KEV · EPSS 0% · 1 d ago
  Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
- CVE-2023-41266 · High · 8.2 · KEV · EPSS 94% · 1 d ago
  Qlik Sense Path Traversal Vulnerability
- CVE-2018-0125 · Critical · 9.8 · KEV · EPSS 29% · 1 d ago
  Cisco VPN Routers Remote Code Execution Vulnerability
- CVE-2015-2291 · High · 7.8 · KEV · EXPLOIT · EPSS 6% · 1 d ago
  Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
- CVE-2022-42827 · High · 7.8 · KEV · EPSS 0% · 1 d ago
  Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
- CVE-2022-32917 · High · 7.8 · KEV · EPSS 1% · 1 d ago
  Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
- CVE-2026-34197 · High · 8.8 · KEV · EXPLOIT · EPSS 83% · 1 d ago
  Apache ActiveMQ Improper Input Validation Vulnerability
- CVE-2009-0927 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
- CVE-2016-7262 · High · 7.8 · KEV · EPSS 88% · 1 d ago
  Microsoft Office Security Feature Bypass Vulnerability
- CVE-2019-11708 · Critical · 10.0 · KEV · EXPLOIT · EPSS 69% · 1 d ago
  Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
- CVE-2024-30040 · High · 8.8 · KEV · EPSS 29% · 1 d ago
  Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
- CVE-2018-0172 · High · 8.6 · KEV · EPSS 6% · 1 d ago
  Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
- CVE-2022-32894 · High · 7.8 · KEV · EPSS 0% · 1 d ago
  Apple iOS and macOS Out-of-Bounds Write Vulnerability
- CVE-2017-12240 · Critical · 9.8 · KEV · EPSS 11% · 1 d ago
  Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
- CVE-2015-2545 · High · 7.8 · KEV · EPSS 93% · 1 d ago
  Microsoft Office Malformed EPS File Vulnerability
- CVE-2007-3010 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
- CVE-2017-9791 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Apache Struts 1 Improper Input Validation Vulnerability
  maven
- CVE-2022-22674 · Medium · 5.5 · KEV · EPSS 0% · 1 d ago
  Apple macOS Out-of-Bounds Read Vulnerability
- CVE-2013-2251 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Apache Struts Improper Input Validation Vulnerability
- CVE-2017-12235 · High · 7.5 · KEV · EPSS 5% · 1 d ago
  Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
- CVE-2025-6558 · High · 8.8 · KEV · EPSS 0% · 1 d ago
  Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
- CVE-2017-12319 · Medium · 5.9 · KEV · EPSS 1% · 1 d ago
  Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
- CVE-2017-8759 · High · 7.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Microsoft .NET Framework Remote Code Execution Vulnerability
- CVE-2017-9822 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  DotNetNuke (DNN) Remote Code Execution Vulnerability
- CVE-2018-20062 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  ThinkPHP "noneCms" Remote Code Execution Vulnerability
- CVE-2017-0146 · High · 8.8 · KEV · EXPLOIT · EPSS 93% · 1 d ago
  Microsoft Windows SMB Remote Code Execution Vulnerability
- CVE-2016-3714 · High · 8.4 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  ImageMagick Improper Input Validation Vulnerability
- CVE-2013-3896 · Medium · 5.5 · KEV · EXPLOIT · EPSS 85% · 1 d ago
  Microsoft Silverlight Information Disclosure Vulnerability
- CVE-2021-36742 · High · 7.8 · KEV · EPSS 1% · 1 d ago
  Trend Micro Multiple Products Improper Input Validation Vulnerability
- CVE-2016-8562 · High · 7.5 · KEV · EPSS 19% · 1 d ago
  Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
- CVE-2024-3400 · Critical · 10.0 · KEV · EXPLOIT · EPSS 94% · 1 d ago
  Palo Alto Networks PAN-OS Command Injection Vulnerability
- CVE-2023-2868 · Critical · 9.4 · KEV · EXPLOIT · EPSS 89% · 1 d ago
  Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
- CVE-2023-36563 · Medium · 6.5 · KEV · EPSS 3% · 1 d ago
  Microsoft WordPad Information Disclosure Vulnerability
- CVE-2022-29499 · Critical · 9.8 · KEV · EPSS 89% · 1 d ago
  Mitel MiVoice Connect Data Validation Vulnerability
- CVE-2024-38189 · High · 8.8 · KEV · EPSS 44% · 1 d ago
  Microsoft Project Remote Code Execution Vulnerability
- CVE-2018-8414 · High · 8.8 · KEV · EPSS 89% · 1 d ago
  Microsoft Windows Shell Remote Code Execution Vulnerability
- CVE-2010-3904 · High · 7.8 · KEV · EXPLOIT · EPSS 2% · 1 d ago
  Linux Kernel Improper Input Validation Vulnerability
- CVE-2021-27104 · Critical · 9.8 · KEV · EPSS 6% · 1 d ago
  Accellion FTA OS Command Injection Vulnerability
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.