CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41044 | Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia — Apache ActiveMQ | 7.2 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-40466 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI — Apache ActiveMQ Broker | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41268 | Flowise: Flowise Parameter Override Bypass Remote Command Execution — Flowise | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-34066 | nimiq-blockchain: Peer-triggerable panic during history sync — nimiq-blockchain | 5.3 | Medium | 2026-04-22 |
| CVE-2026-33471 | nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation — nimiq-block | 9.6 | Critical | 2026-04-22 |
| CVE-2026-35380 | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing — coreutils | 5.5 | Medium | 2026-04-22 |
| CVE-2026-35377 | uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-35369 | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation — coreutils | 5.5 | Medium | 2026-04-22 |
| CVE-2026-35347 | uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation — coreutils | 4.4 | Medium | 2026-04-22 |
| CVE-2026-40871 | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API — mailcow-dockerized | 7.2 | High | 2026-04-21 |
| CVE-2025-13826 | Incorrect input validation on the Zervit portable HTTP/Web server — portable HTTP/Web server | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-6675 | Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter — Responsive Blocks – Page Builder for Blocks & Patterns | 5.3 | Medium | 2026-04-21 |
| CVE-2026-39386 | Neko has Self-service Privilege Escalation for Authenticated Users — neko | 8.8 | High | 2026-04-21 |
| CVE-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths — spinnaker | 10.0 | Critical | 2026-04-20 |
| CVE-2026-24505 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 7.2 | High | 2026-04-20 |
| CVE-2026-24504 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain | 7.2 | High | 2026-04-20 |
| CVE-2026-33436 | Stirling-PDF: Reflected XSS through crafted filename in file upload functionality — Stirling-PDF | 3.1 | Low | 2026-04-17 |
| CVE-2026-6409 | Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input — Protobuf-php (Pecl) | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-22615 | Eaton Intelligent Power Protector security vulnerability — IPP Software | 6.0 | Medium | 2026-04-16 |
| CVE-2026-40176 | Composer is vulnerable to Command Injection via Malicious Perforce Repository — composer | 7.8 | High | 2026-04-15 |
| CVE-2026-1782 | MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' — MetForm Pro | 5.3 | Medium | 2026-04-15 |
| CVE-2026-6328 | XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets — XQUIC | 7.5 | - | 2026-04-15 |
| CVE-2026-39399 | NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation — NuGetGallery | 9.6 | Critical | 2026-04-14 |
| CVE-2026-27299 | Adobe Framemaker \| Improper Input Validation (CWE-20) — Adobe Framemaker | 6.3 | Medium | 2026-04-14 |
| CVE-2026-35031 | Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain — jellyfin | 10.0 | Critical | 2026-04-14 |
| CVE-2026-27282 | ColdFusion \| Improper Input Validation (CWE-20) — ColdFusion | 7.5 | High | 2026-04-14 |
| CVE-2026-27304 | ColdFusion \| Improper Input Validation (CWE-20) — ColdFusion | 9.3 | Critical | 2026-04-14 |
| CVE-2026-27306 | ColdFusion \| Improper Input Validation (CWE-20) — ColdFusion | 8.4 | High | 2026-04-14 |
| CVE-2026-24893 | openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion — openITCOCKPIT | 8.8 | High | 2026-04-14 |
| CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 6.5 | Medium | 2026-04-14 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.