VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 153 of 401
  • CVE-2026-30760HigMay 28, 2026
    risk 0.40cvss 7.3epss 0.00

    An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.

  • CVE-2026-9521HigMay 26, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the…

  • CVE-2026-27891HigMay 18, 2026
    risk 0.40cvss 7.2epss 0.01

    FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a…

  • CVE-2026-34688MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34679MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34670MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34669MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34668MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-34666MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a…

  • CVE-2026-31251HigMay 11, 2026
    risk 0.40cvss 7.3epss 0.00

    CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load()…

  • CVE-2026-7953MedMay 6, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2025-10164HigSep 9, 2025
    risk 0.40cvss 7.3epss 0.00

    A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The…

  • CVE-2025-5878HigJun 29, 2025
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an…

  • CVE-2025-3837MedApr 21, 2025
    risk 0.40cvss epss 0.00

    An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till…

  • CVE-2024-39606MedFeb 12, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2024-6284HigJul 3, 2024
    risk 0.40cvss 7.3epss 0.00

    In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects:  https://pkg.go.dev/github.com/google/nftabl…

  • CVE-2023-51444HigMar 20, 2024
    risk 0.40cvss 7.2epss 0.02

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage…

  • CVE-2023-50378MedMar 1, 2024
    risk 0.40cvss 6.1epss 0.01

    Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8    Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are…

  • CVE-2023-51441HigJan 6, 2024
    risk 0.40cvss 7.2epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP…

  • CVE-2023-49081HigNov 30, 2023
    risk 0.40cvss 7.2epss 0.01

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability…