CWE-20 (Improper Input Validation) — Vulnerability Class 3267

3267 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-29814 | Microsoft Partner Center Elevation of Privilege Vulnerability — Microsoft Partner Center | 9.3 | Critical | 2025-03-21 |
| CVE-2025-29923 | go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment — go-redis | 3.7 | Low | 2025-03-20 |
| CVE-2025-1385 | Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration — ClickHouse OSS | 6.7 | - | 2025-03-20 |
| CVE-2025-1767 | Kubernetes Security Vulnerability — Kubelet | 6.5 | Medium | 2025-03-13 |
| CVE-2024-9042 | Kubernetes Security Vulnerability — Kubelet | 5.9 | Medium | 2025-03-13 |
| CVE-2024-26290 | Authenticated Remote Command Injection affecting Avid NEXIS — Avid NEXIS E-series | 8.4 | - | 2025-03-12 |
| CVE-2025-20146 | Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability — Cisco IOS XR Software | 8.6 | High | 2025-03-12 |
| CVE-2025-20142 | Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability — Cisco IOS XR Software | 8.6 | High | 2025-03-12 |
| CVE-2025-27494 | Siemens SiPass Integrated Input Validation Error Vulnerability — SiPass integrated AC5102 (ACC-G2) | 9.1 | Critical | 2025-03-11 |
| CVE-2025-27493 | Siemens SiPass Integrated Input Validation Error Vulnerability — SiPass integrated AC5102 (ACC-G2) | 8.2 | High | 2025-03-11 |
| CVE-2025-26702 | ZTE GoldenDB Input Validation Error Vulnerability — GoldenDB | 4.9 | Medium | 2025-03-11 |
| CVE-2025-0660 | Stored XSS in Folder Function by Rogue Admin — Concrete CMS | 4.8 | - | 2025-03-10 |
| CVE-2024-38311 | Apache Traffic Server: Request smuggling via pipelining after a chunked message body — Apache Traffic Server | 7.5 | - | 2025-03-06 |
| CVE-2025-27517 | Volt Allows RCE Via User-Crafted Requests — volt | 9.8 | - | 2025-03-05 |
| CVE-2025-1080 | Macro URL arbitrary script execution — LibreOffice | 8.8 | - | 2025-03-04 |
| CVE-2025-0958 | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion — Ultimate WordPress Auction Plugin | 5.4 | Medium | 2025-03-04 |
| CVE-2024-58044 | Huawei EMUI and Huawei HarmonyOS Security Vulnerability — HarmonyOS | 8.4 | High | 2025-03-04 |
| CVE-2024-53031 | Improper Input Validation in Automotive OS Platform — Snapdragon | 7.8 | High | 2025-03-03 |
| CVE-2024-53030 | Improper Input Validation in Automotive OS Platform — Snapdragon | 7.8 | High | 2025-03-03 |
| CVE-2024-53029 | Improper Input Validation in Automotive OS Platform — Snapdragon | 7.8 | High | 2025-03-03 |
| CVE-2024-53022 | Improper Input Validation in Automotive OS Platform — Snapdragon | 7.8 | High | 2025-03-03 |
| CVE-2024-53012 | Improper Input Validation in Automotive OS Platform — Snapdragon | 7.8 | High | 2025-03-03 |
| CVE-2025-0764 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update — wpForo Forum | 6.5 | Medium | 2025-02-28 |
| CVE-2025-0514 | Executable hyperlink Windows path targets executed unconditionally on activation — LibreOffice | 6.5 | - | 2025-02-25 |
| CVE-2024-13798 | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation — Post Grid | 5.3 | Medium | 2025-02-22 |
| CVE-2024-4028 | Keycloak-core: stored xss in keycloak when creating a items in admin console | 3.8 | Low | 2025-02-18 |
| CVE-2024-13691 | Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia — Uncode | 6.5 | Medium | 2025-02-18 |
| CVE-2024-13681 | Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed — Uncode | 7.5 | High | 2025-02-18 |
| CVE-2025-0424 | Multiple Authenticated Stored Cross-Site Scripting — bestinformed Web | 5.4 | - | 2025-02-18 |
| CVE-2025-0423 | Multiple Unauthenticated Stored Cross-Site Scripting — bestinformed Web | 6.1 | - | 2025-02-18 |

3267 CVEs are classified as CWE-20 (Improper Input Validation). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.