CWE-20 (Improper Input Validation) — Vulnerability Class 3267

3267 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-9060 | MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role — MFlash | 9.1 | Critical | 2025-08-15 |
| CVE-2025-7507 | elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation — elink – Embed Content | 6.4 | Medium | 2025-08-15 |
| CVE-2025-20148 | Cisco Secure Firewall Management Center HTML Injection Vulnerability — Cisco Firepower Management Center | 8.5 | High | 2025-08-14 |
| CVE-2025-7971 | Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability — Studio 5000 Logix Designer® | 9.8 (AI) | Critical (AI) | 2025-08-14 |
| CVE-2025-8876 | Command Injection Vulnerability — N-central | 9.8 (AI) | Critical (AI) | 2025-08-14 |
| CVE-2025-27388 | Arbitrary URL Loading in WebView Leading to Token Leakage Risk — OPPO HEALTH APP | 4.7 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-4410 | SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution. — InsydeH2O | 7.5 | High | 2025-08-13 |
| CVE-2025-4277 | Tcg2Smm: improper input validation may lead to arbitrary code execution — InsydeH2O | 7.5 | High | 2025-08-13 |
| CVE-2025-4276 | UsbCoreDxe: improper input validation may lead to arbitrary code execution — InsydeH2O | 7.5 | High | 2025-08-13 |
| CVE-2025-49554 | Adobe Commerce \| Improper Input Validation (CWE-20) — Adobe Commerce | 7.5 | High | 2025-08-12 |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 6.5 | Medium | 2025-08-12 |
| CVE-2025-40746 | Siemens SIMATIC RTLS Locating Manager Input Validation Error Vulnerability — SIMATIC RTLS Locating Manager | 9.1 | Critical | 2025-08-12 |
| CVE-2025-25212 | pasteboard has an improper input vulnerability — OpenHarmony | 3.3 | Low | 2025-08-11 |
| CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature — lms | 4.3 | Medium | 2025-08-09 |
| CVE-2025-48913 | Apache CXF: Untrusted JMS configuration can lead to RCE — Apache CXF | 9.8 | - | 2025-08-08 |
| CVE-2025-8582 | Google Chrome Security Vulnerability — Chrome | 4.3 (AI) | Medium (AI) | 2025-08-07 |
| CVE-2025-54785 | SuiteCRM is Vulnerable to PHP Object Injection in Reports — SuiteCRM | 8.8 | High | 2025-08-06 |
| CVE-2025-21477 | Improper Input Validation in Modem — Snapdragon | 7.5 | High | 2025-08-06 |
| CVE-2025-54642 | Huawei HarmonyOS and Huawei EMUI Security Vulnerability — HarmonyOS | 6.7 | Medium | 2025-08-06 |
| CVE-2025-54641 | Huawei HarmonyOS and Huawei EMUI Security Vulnerability — HarmonyOS | 6.7 | Medium | 2025-08-06 |
| CVE-2025-54636 | Huawei HarmonyOS and Huawei EMUI Security Vulnerability — HarmonyOS | 4.4 | Medium | 2025-08-06 |
| CVE-2025-54614 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 6.2 | Medium | 2025-08-06 |
| CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page — Concrete CMS | 6.1 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-8573 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page — Concrete CMS | 4.8 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-7674 | navify Monitoring API input validation — navify Monitoring | 7.5 (AI) | High (AI) | 2025-08-05 |
| CVE-2024-52279 | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string — Apache Zeppelin | 9.1 | - | 2025-08-03 |
| CVE-2025-30480 | Dell PowerProtect Data Manager Input Validation Error Vulnerability — PowerProtect Data Manager | 6.5 | Medium | 2025-07-30 |
| CVE-2025-4424 | SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler — InsydeH2O | 6.0 | Medium | 2025-07-30 |
| CVE-2025-8097 | WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation — Woodmart | 5.3 | Medium | 2025-07-26 |
| CVE-2025-54385 | XWiki Platform's searchDocuments API allows for SQL injection — xwiki-platform | 8.8 | - | 2025-07-26 |

3267 CVEs are classified as CWE-20 (Improper Input Validation). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.