VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 131 of 401
  • CVE-2025-59537HigOct 1, 2025
    risk 0.42cvss 7.5epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to…

  • CVE-2025-57810HigAug 26, 2025
    risk 0.42cvss 7.5epss 0.01

    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can…

  • CVE-2025-7507MedAug 15, 2025
    risk 0.42cvss 6.4epss 0.00

    The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers,…

  • CVE-2025-25005MedAug 12, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

  • CVE-2025-54365HigJul 23, 2025
    risk 0.42cvss 7.5epss 0.01

    fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch…

  • CVE-2025-53502MedJul 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X.

  • CVE-2023-28911MedJun 28, 2025
    risk 0.42cvss 6.5epss 0.00

    A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a…

  • CVE-2025-52894HigJun 25, 2025
    risk 0.42cvss 7.5epss 0.00

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations,…

  • CVE-2025-3898MedJun 10, 2025
    risk 0.42cvss 6.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.

  • CVE-2025-3116MedJun 10, 2025
    risk 0.42cvss 6.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.

  • CVE-2025-20031MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-40556MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an…

  • CVE-2025-24510MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a…

  • CVE-2025-31217MedMay 12, 2025
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-31215MedMay 12, 2025
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-29448HigMay 7, 2025
    risk 0.42cvss 7.5epss 0.00

    Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

  • CVE-2025-32079MedApr 11, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.

  • CVE-2025-30151HigApr 8, 2025
    risk 0.42cvss 7.5epss 0.00

    Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also…

  • CVE-2025-1767MedMar 13, 2025
    risk 0.42cvss 6.5epss 0.01

    This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using…

  • CVE-2025-0816MedFeb 13, 2025
    risk 0.42cvss 6.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device.