VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 160 of 401
  • CVE-2015-8723MedJan 4, 2016
    risk 0.39cvss 5.5epss 0.05

    The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of…

  • CVE-2026-52801higJun 23, 2026
    risk 0.38cvss epss 0.01

    ### Summary The Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. ### Details Here is…

  • CVE-2026-33692higJun 22, 2026
    risk 0.38cvss epss

    ## Vulnerability Details **CWE**: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official `docker-compose.yml` (line 61) mounts the entire project root directory as the Apache document root: ```yaml volumes: -…

  • CVE-2026-53492higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations…

  • CVE-2026-11199MedJun 4, 2026
    risk 0.38cvss 5.9epss 0.00

    Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-45135higMay 18, 2026
    risk 0.38cvss epss 0.00

    ### Summary The FastCGI transport's `splitPos()` in [`modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go`](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the…

  • CVE-2026-41890MedMay 7, 2026
    risk 0.38cvss epss 0.00

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess() action accepts a POST parameter tables[] containing arbitrary table…

  • CVE-2025-12718MedJan 17, 2026
    risk 0.38cvss 5.8epss 0.00

    The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for…

  • CVE-2025-47888MedMay 14, 2025
    risk 0.38cvss 5.9epss 0.00

    Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

  • CVE-2025-23041MedJan 14, 2025
    risk 0.38cvss 5.8epss 0.00

    Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are…

  • CVE-2024-23983MedNov 11, 2024
    risk 0.38cvss epss 0.00

    Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.

  • CVE-2024-4787MedJun 19, 2024
    risk 0.38cvss 5.8epss 0.00

    The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions…

  • CVE-2023-22662MedMay 16, 2024
    risk 0.38cvss 5.8epss 0.00

    Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2023-7240MedMay 7, 2024
    risk 0.38cvss 5.8epss 0.00

     An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to…

  • CVE-2024-25656MedMar 18, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the…

  • CVE-2024-27931MedMar 5, 2024
    risk 0.38cvss 5.8epss 0.00

    Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system…

  • CVE-2017-6921MedJan 15, 2019
    risk 0.38cvss 5.9epss 0.02

    In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an…

  • CVE-2018-13111MedSep 21, 2018
    risk 0.38cvss 5.9epss 0.01

    There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.

  • CVE-2018-2439MedJul 10, 2018
    risk 0.38cvss 5.9epss 0.02

    The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet…

  • CVE-2017-7770MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.01

    A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one…