CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 6 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5226 | Cri | 0.65 | 10.0 | 0.03 | Mar 29, 2017 | When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. | ||
| CVE-2016-7406 | Cri | 0.65 | 9.8 | 0.10 | Mar 3, 2017 | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | ||
| CVE-2016-6267 | Hig | 0.65 | 8.8 | 0.55 | Jan 30, 2017 | SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3)… | ||
| CVE-2016-5743 | Cri | 0.65 | 9.8 | 0.10 | Jul 22, 2016 | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1… | ||
| CVE-2016-3082 | Cri | 0.65 | 9.8 | 0.21 | Apr 26, 2016 | XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | ||
| CVE-2015-7545 | Cri | 0.65 | 9.8 | 0.20 | Apr 13, 2016 | The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in… | ||
| CVE-2016-2170 | Cri | 0.65 | 9.8 | 0.13 | Apr 12, 2016 | Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||
| CVE-2016-0132 | Cri | 0.65 | 9.8 | 0.22 | Mar 9, 2016 | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass." | ||
| CVE-2006-1547 | Hig | 0.65 | 7.5 | 0.55 | KEV | Mar 30, 2006 | ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides… | |
| CVE-2026-54133 | Cri | 0.64 | 9.8 | 0.00 | Jun 12, 2026 | jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when… | ||
| CVE-2026-50628 | Cri | 0.64 | 9.8 | 0.01 | Jun 12, 2026 | A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to… | ||
| CVE-2026-47370 | — | Cri | 0.64 | 9.9 | 0.01 | Jun 12, 2026 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. | |
| CVE-2026-47369 | Cri | 0.64 | 9.9 | 0.00 | Jun 12, 2026 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||
| CVE-2026-47367 | Cri | 0.64 | 9.9 | 0.01 | Jun 12, 2026 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device. | ||
| CVE-2026-45558 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option… | ||
| CVE-2026-45556 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to… | ||
| CVE-2026-40411 | Cri | 0.64 | 9.9 | 0.01 | May 22, 2026 | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | ||
| CVE-2026-42233 | Cri | 0.64 | 9.8 | 0.00 | May 4, 2026 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query… | ||
| CVE-2026-41268 | Cri | 0.64 | 9.8 | 0.14 | Apr 23, 2026 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE::… | ||
| CVE-2026-32604 | Cri | 0.64 | 9.9 | 0.01 | Apr 20, 2026 | Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources… |
- risk 0.65cvss 10.0epss 0.03
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
- risk 0.65cvss 9.8epss 0.10
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
- risk 0.65cvss 8.8epss 0.55
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3)…
- risk 0.65cvss 9.8epss 0.10
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1…
- risk 0.65cvss 9.8epss 0.21
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
- risk 0.65cvss 9.8epss 0.20
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in…
- risk 0.65cvss 9.8epss 0.13
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
- risk 0.65cvss 9.8epss 0.22
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."
- risk 0.65cvss 7.5epss 0.55
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides…
- risk 0.64cvss 9.8epss 0.00
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when…
- risk 0.64cvss 9.8epss 0.01
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to…
- risk 0.64cvss 9.9epss 0.01
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
- risk 0.64cvss 9.9epss 0.00
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
- risk 0.64cvss 9.9epss 0.01
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option…
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…
- risk 0.64cvss 9.9epss 0.01
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.00
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query…
- risk 0.64cvss 9.8epss 0.14
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE::…
- risk 0.64cvss 9.9epss 0.01
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources…