CWE-20 (Improper Input Validation) — Vulnerability Class 3267

3267 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability — Windows 11 version 22H2 | 7.8 | High | 2025-04-08 |
| CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 8.6 | High | 2025-04-08 |
| CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-04-08 |
| CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability — Azure Stack HCI OS | 7.8 | High | 2025-04-08 |
| CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability — Windows Server 2008 R2 Service Pack 1 | 8.8 | High | 2025-04-08 |
| CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-04-08 |
| CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-04-08 |
| CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-04-08 |
| CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability — Microsoft Dynamics 365 Business Central 2023 Wave 2 | 5.5 | Medium | 2025-04-08 |
| CVE-2025-30151 | Shopware allows Denial Of Service via password length — shopware | 7.5 | High | 2025-04-08 |
| CVE-2025-31488 | Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser — PCL2 | 7.1 AI | High AI | 2025-04-06 |
| CVE-2025-31477 | Improper Scope Validation in the open Endpoint of tauri-plugin-shell — plugins-workspace | 9.8 AI | Critical AI | 2025-04-02 |
| CVE-2025-3070 | Google Chrome Input Validation Error Vulnerability — Chrome | 8.8 | - | 2025-04-02 |
| CVE-2025-31135 | Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times — go-guerrilla | 5.3 | Medium | 2025-04-01 |
| CVE-2025-31132 | Raven allows Remote Code Execution due to improper validation — raven | 8.1 | High | 2025-04-01 |
| CVE-2023-0881 | DDoS in Ubuntu package linux-bluefield — Ubuntu package linux-bluefield | 7.5 | High | 2025-03-31 |
| CVE-2025-1736 | Stream HTTP wrapper header check might omit basic auth header — PHP | 5.3 | - | 2025-03-30 |
| CVE-2025-1734 | Streams HTTP wrapper does not fail for headers with invalid name and no colon — PHP | 7.5 | - | 2025-03-30 |
| CVE-2025-1217 | Header parser of http stream wrapper does not handle folded headers — PHP | 7.5 | - | 2025-03-29 |
| CVE-2025-30355 | Synapse vulnerable to federation denial of service via malformed events — synapse | 7.1 | High | 2025-03-27 |
| CVE-2025-20227 | Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio — Splunk Enterprise | 4.3 | Medium | 2025-03-26 |
| CVE-2025-1440 | Advanced iFrame <= 2024.5 - Unauthenticated Settings Update — Advanced iFrame | 5.3 | Medium | 2025-03-26 |
| CVE-2025-1514 | Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call — Active Products Tables for WooCommerce. Use constructor to create tables | 7.3 | High | 2025-03-26 |
| CVE-2025-30213 | Frappe has Possibility of Remote Code Execution due to improper validation — frappe | 8.8 AI | High AI | 2025-03-25 |
| CVE-2025-24514 | ingress-nginx controller - configuration injection via unsanitized auth-url annotation — ingress-nginx | 8.8 | High | 2025-03-24 |
| CVE-2025-24513 | ingress-nginx controller - auth secret file path traversal vulnerability — ingress-nginx | 4.8 | Medium | 2025-03-24 |
| CVE-2025-1098 | ingress-nginx controller - configuration injection via unsanitized mirror annotations — ingress-nginx | 8.8 | High | 2025-03-24 |
| CVE-2025-1097 | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation — ingress-nginx | 8.8 | High | 2025-03-24 |
| CVE-2025-23204 | GraphQl securityAfterResolver not called — core | 4.4 | Medium | 2025-03-24 |
| CVE-2024-13666 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 5.3 | Medium | 2025-03-22 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3267 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.