VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 132 of 401
  • CVE-2025-0815MedFeb 13, 2025
    risk 0.42cvss 6.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device.

  • CVE-2024-42410MedFeb 12, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-24970HigFeb 10, 2025
    risk 0.42cvss 7.5epss 0.02

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all…

  • CVE-2022-2232HigNov 14, 2024
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

  • CVE-2024-32048MedNov 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2024-24984MedNov 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2024-8936MedNov 13, 2024
    risk 0.42cvss 6.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.

  • CVE-2023-1973HigNov 7, 2024
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

  • CVE-2024-7254HigSep 19, 2024
    risk 0.42cvss 7.5epss 0.03

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java…

  • CVE-2024-45601HigSep 18, 2024
    risk 0.42cvss 7.5epss 0.00

    Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to…

  • CVE-2024-25009MedAug 20, 2024
    risk 0.42cvss 6.5epss 0.00

    Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation.

  • CVE-2024-32007HigJul 19, 2024
    risk 0.42cvss 7.5epss 0.01

    An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 

  • CVE-2024-38525HigJun 28, 2024
    risk 0.42cvss 7.5epss 0.00

    dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it…

  • CVE-2024-5533MedJun 18, 2024
    risk 0.42cvss 6.4epss 0.00

    The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject…

  • CVE-2024-4941HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as…

  • CVE-2024-5439MedJun 5, 2024
    risk 0.42cvss 6.4epss 0.00

    The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…

  • CVE-2024-3584HigMay 30, 2024
    risk 0.42cvss 7.5epss 0.01

    qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the…

  • CVE-2024-22015MedMay 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access.

  • CVE-2024-2248MedMay 15, 2024
    risk 0.42cvss 6.4epss 0.00

    A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email.

  • CVE-2024-30054MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.02

    Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability