VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 86 of 401
  • CVE-2024-28127HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-24582HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

  • CVE-2023-49615HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2023-34440HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-0112HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of…

  • CVE-2024-37358HigFeb 6, 2025
    risk 0.49cvss 8.6epss 0.01

    Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2…

  • CVE-2025-1026HigFeb 5, 2025
    risk 0.49cvss 8.6epss 0.01

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of…

  • CVE-2025-21614HigJan 6, 2025
    risk 0.49cvss 7.5epss 0.01

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted…

  • CVE-2024-21549HigDec 20, 2024
    risk 0.49cvss 8.6epss 0.01

    Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a…

  • CVE-2024-21544HigDec 13, 2024
    risk 0.49cvss 8.6epss 0.01

    Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local…

  • CVE-2024-31158HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-31154HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-28028HigNov 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2024-45117HigOct 10, 2024
    risk 0.49cvss 7.6epss 0.01

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the…

  • CVE-2024-25590HigOct 3, 2024
    risk 0.49cvss 7.5epss 0.01

    An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

  • CVE-2024-37406HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.

  • CVE-2024-21871HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21829HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21521HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.

  • CVE-2024-38095HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability