CWE-20 (Improper Input Validation) — Vulnerability Class 3267

3267 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2014-125119 | WinRAR < 5.00 Filename Spoofing RCE — WinRAR | 7.8 | - | 2025-07-25 |
| CVE-2025-54365 | fastapi-guard patch contains bypassable RegEx — fastapi-guard | 7.5 | - | 2025-07-23 |
| CVE-2025-47281 | Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service — kyverno | 7.7 | High | 2025-07-23 |
| CVE-2025-6585 | WP JobHunt <= 7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Account Deletion — WP JobHunt | 8.1 | High | 2025-07-22 |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service — issues | 6.5 | - | 2025-07-21 |
| CVE-2025-50151 | Apache Jena: Configuration files uploaded by administrative users are not check properly — Apache Jena | 7.2 | - | 2025-07-21 |
| CVE-2025-34300 | Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE — Lighthouse Studio | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-6558 | Google Chrome Input Validation Error Vulnerability — Chrome | 9.6 | - | 2025-07-15 |
| CVE-2025-34105 | DiskBoss Enterprise Stack-Based Buffer Overflow RCE — DiskBoss Enterprise | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-47182 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability — Microsoft Edge (Chromium-based) | 5.6 | Medium | 2025-07-11 |
| CVE-2025-5992 | Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service — Qt | 7.5 (AI) | High (AI) | 2025-07-11 |
| CVE-2025-53471 | Emerson ValveLink Products Improper Input Validation — ValveLink SOLO | 5.1 | Medium | 2025-07-10 |
| CVE-2024-42516 | Apache HTTP Server: HTTP response splitting — Apache HTTP Server | 5.3 (AI) | Medium (AI) | 2025-07-10 |
| CVE-2025-6376 | Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability — Arena® | 7.8 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-6377 | Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability — Arena® | 7.8 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-7378 | An improper input validation vulnerability was found on manipulating configuration of ADM — ADM | 8.1 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-47982 | Windows Storage VSP Driver Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-07-08 |
| CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability — Microsoft SQL Server 2016 for Service Pack 2 (GDR) | 7.5 | High | 2025-07-08 |
| CVE-2025-40593 | Siemens SIMATIC CN 4100 Input Validation Error Vulnerability — SIMATIC CN 4100 | 6.5 | Medium | 2025-07-08 |
| CVE-2025-24005 | Local Privilege Escalation via Vulnerable SSH Script — CHARX SEC-3150 | 7.8 | High | 2025-07-08 |
| CVE-2025-24002 | MQTT DoS Vulnerability in German EV Charging Stations — CHARX SEC-3150 | 5.3 | Medium | 2025-07-08 |
| CVE-2025-3777 | Improper Input Validation in huggingface/transformers — huggingface/transformers | 9.1 | - | 2025-07-07 |
| CVE-2025-7060 | Monitorr Installer mkdbajax.php input validation — Monitorr | 4.1 | Medium | 2025-07-04 |
| CVE-2025-53502 | HTML injection in FeaturedFeeds — Mediawiki - FeaturedFeeds Extension | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-6563 | Cross-site scripting via dst parameter in RouterOS WiFi hotspot — RouterOS | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-52891 | ModSecurity empty XML tag causes segmentation fault — ModSecurity | 6.5 | Medium | 2025-07-02 |
| CVE-2025-27023 | Improper Input Validation in Infinera G42 — G42 | 6.5 | Medium | 2025-07-02 |
| CVE-2025-53076 | SAMSUNG rLottie Security Vulnerability — rLottie | 7.5 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-53075 | SAMSUNG rLottie Security Vulnerability — rLottie | 9.1 (AI) | Critical (AI) | 2025-06-30 |
| CVE-2023-28911 | Arbitrary Channel Disconnection Resulting in Denial of Service — Volkswagen MIB3 infotainment system MIB3 OI MQB | 6.5 | Medium | 2025-06-28 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3267 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.