VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 84 of 401
  • CVE-2026-8007HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-46115HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request

  • CVE-2026-27282HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this…

  • CVE-2026-26154HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-22565HigApr 13, 2026
    risk 0.49cvss 7.5epss 0.00

    An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and…

  • CVE-2025-57834HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input…

  • CVE-2025-57835HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in…

  • CVE-2026-30078HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

  • CVE-2020-37216HigApr 3, 2026
    risk 0.49cvss 7.5epss 0.01

    Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP…

  • CVE-2026-29135HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.

  • CVE-2026-34445HigApr 1, 2026
    risk 0.49cvss 8.6epss 0.00

    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file.…

  • CVE-2026-30077HigMar 30, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.

  • CVE-2026-30576HigMar 27, 2026
    risk 0.49cvss 7.5epss 0.00

    A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This…

  • CVE-2026-30575HigMar 27, 2026
    risk 0.49cvss 7.5epss 0.00

    A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the…

  • CVE-2025-15606HigMar 23, 2026
    risk 0.49cvss 7.5epss 0.00

    A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause…

  • CVE-2025-22453HigFeb 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local…

  • CVE-2026-0919HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An…

  • CVE-2025-43494HigDec 12, 2025
    risk 0.49cvss 7.5epss 0.00

    A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent…

  • CVE-2025-64666HigDec 9, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-43401HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.01

    A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. A remote attacker may be able to cause a denial-of-service.