VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 85 of 401
  • CVE-2025-59248HigOct 14, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2011-20001HigOct 14, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming…

  • CVE-2025-48392HigSep 24, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

  • CVE-2025-59532HigSep 22, 2025
    risk 0.49cvss epss 0.01

    Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started…

  • CVE-2025-6625HigAug 18, 2025
    risk 0.49cvss 7.5epss 0.00

    CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

  • CVE-2025-4410HigAug 13, 2025
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.

  • CVE-2025-4277HigAug 13, 2025
    risk 0.49cvss 7.5epss 0.00

    Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

  • CVE-2025-4276HigAug 13, 2025
    risk 0.49cvss 7.5epss 0.00

    UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

  • CVE-2025-49554HigAug 12, 2025
    risk 0.49cvss 7.5epss 0.01

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially…

  • CVE-2025-21086HigAug 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.

  • CVE-2025-27211HigAug 4, 2025
    risk 0.49cvss 7.5epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.

  • CVE-2025-43223HigJul 30, 2025
    risk 0.49cvss 7.5epss 0.01

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to…

  • CVE-2024-53827HigMay 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation

  • CVE-2025-24308HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-21094HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-31240HigMay 12, 2025
    risk 0.49cvss 7.5epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.

  • CVE-2025-31208HigMay 12, 2025
    risk 0.49cvss 7.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.

  • CVE-2025-30471HigMar 31, 2025
    risk 0.49cvss 7.5epss 0.01

    A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.

  • CVE-2025-1385HigMar 20, 2025
    risk 0.49cvss epss 0.00

    When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine…

  • CVE-2024-29214HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.