VYPR

CWE-20

Improper Input Validation

Abstraction: Class · Status: Stable · Likelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 52 of 401
  • CVE-2025-13826 · High · Apr 21, 2026
    risk 0.53 · cvss n/a · epss 0.00

    Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the…

  • CVE-2026-40317 · Critical · Apr 18, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel…

  • CVE-2026-5915 · High · Apr 8, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-32759 · High · Mar 20, 2026
    risk 0.53 · cvss 8.1 · epss 0.02

    File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer…

  • CVE-2025-25210 · High · Feb 10, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper input validation for some Server Firmware Update Utility (SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation…

  • CVE-2025-0248 · High · Nov 25, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the…

  • CVE-2025-64759 · High · Nov 19, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be…

  • CVE-2025-58353 · High · Sep 4, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `replace(/javascript:/gi, '')`. Because the package uses multi-character…

  • CVE-2025-6585 · High · Jul 22, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers,…

  • CVE-2023-43758 · High · Feb 12, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21925 · High · Feb 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

  • CVE-2024-0179 · High · Feb 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

  • CVE-2024-36282 · High · Nov 13, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-0126 · High · Oct 26, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure,…

  • CVE-2024-49361 · High · Oct 18, 2024
    risk 0.53 · cvss n/a · epss 0.01

    ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an…

  • CVE-2023-38654 · High · May 16, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2023-5397 · High · Apr 17, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

  • CVE-2024-22199 · Critical · Jan 11, 2024
    risk 0.53 · cvss 9.3 · epss 0.00

    This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the…

  • CVE-2023-36897 · High · Aug 8, 2023
    risk 0.53 · cvss 8.1 · epss 0.02

    Visual Studio Tools for Office Runtime Spoofing Vulnerability

  • CVE-2023-22491 · High · Jan 13, 2023
    risk 0.53 · cvss 8.1 · epss 0.01

    Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in…