VYPR

CWE-20

Improper Input Validation

Class · Stable · Likelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 59 of 401
  • CVE-2016-1328 · High · Jul 3, 2016
    risk 0.52 · cvss 7.5 · epss 0.09

    goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.

  • CVE-2016-1661 · High · May 14, 2016
    risk 0.52 · cvss 8.0 · epss 0.01

    Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…

  • CVE-2026-12191 · High · Jun 14, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The…

  • CVE-2026-45636 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

  • CVE-2026-44811 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-10942 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-0078 · High · Jun 1, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22424 · High · Jun 1, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-9987 · High · May 28, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

  • CVE-2026-20767 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable…

  • CVE-2026-45393 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT…

  • CVE-2026-45391 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.01

    A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.

  • CVE-2026-7997 · High · May 6, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

  • CVE-2026-7990 · High · May 6, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2025-14576 · High · Apr 30, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead…

  • CVE-2026-30769 · High · Apr 29, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

  • CVE-2026-5941 · High · Apr 27, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

  • CVE-2026-32168 · High · Apr 14, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26170 · High · Apr 14, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26161 · High · Apr 14, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.