VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 60 of 401
  • CVE-2026-26156HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-26143HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.01

    Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-48612HigDec 8, 2025
    risk 0.51cvss 7.8epss 0.00

    In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2025-43472HigNov 4, 2025
    risk 0.51cvss 7.8epss 0.00

    A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to gain root privileges.

  • CVE-2025-43372HigSep 15, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process…

  • CVE-2025-24486HigAug 12, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-24484HigAug 12, 2025
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-54564HigAug 1, 2025
    risk 0.51cvss 7.8epss 0.00

    uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

  • CVE-2025-34021HigJun 20, 2025
    risk 0.51cvss epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate…

  • CVE-2025-31259HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to capture a screenshot of an app entering or exiting full screen mode.

  • CVE-2025-30442HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain elevated privileges.

  • CVE-2025-24274HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges.

  • CVE-2025-2223HigApr 9, 2025
    risk 0.51cvss 7.8epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system.

  • CVE-2024-0127HigOct 26, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might…

  • CVE-2024-7340HigJul 31, 2024
    risk 0.51cvss 8.8epss 0.05

    The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server…

  • CVE-2024-23294HigMar 8, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.

  • CVE-2023-3676HigOct 31, 2023
    risk 0.51cvss 8.8epss 0.12

    A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

  • CVE-2023-34448HigJun 14, 2023
    risk 0.51cvss 8.8epss 0.05

    Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that…

  • CVE-2022-43484HigDec 5, 2022
    risk 0.51cvss 7.8epss 0.00

    TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The…

  • CVE-2022-40277HigSep 30, 2022
    risk 0.51cvss 7.8epss 0.00

    Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the…