
CWE-20 (Improper Input Validation) — Vulnerability Class 3267

3267 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-42661 | JFrog Artifactory Improper input validation leads to arbitrary file write — Artifactory | 7.2 | High | 2024-03-07 |
| CVE-2024-1534 | Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | 6.4 | Medium | 2024-03-07 |
| CVE-2024-27932 | Deno's improper suffix match testing for DENO_AUTH_TOKENS — deno | 4.6 | Medium | 2024-03-06 |
| CVE-2024-27918 | Coder's OIDC authentication allows email with partially matching domain to register — coder | 8.2 | High | 2024-03-06 |
| CVE-2024-27931 | Insufficient permission checking in `Deno.makeTemp*` APIs — deno | 5.8 | Medium | 2024-03-05 |
| CVE-2023-33104 | Improper input Validation in Multi-Mode Call Processor — Snapdragon | 7.5 | High | 2024-03-04 |
| CVE-2023-33103 | Improper Input Validation in Multi-Mode Call Processor — Snapdragon | 7.5 | High | 2024-03-04 |
| CVE-2023-28578 | Improper Input Validation in Services — Snapdragon | 9.3 | Critical | 2024-03-04 |
| CVE-2024-25016 | IBM MQ denial of service — MQ | 7.5 | High | 2024-03-03 |
| CVE-2023-50737 | An input validation vulnerability in the SE Menu allows an attacker to execute arbitrary code. — various | 9.1 | Critical | 2024-02-28 |
| CVE-2023-51747 | SMTP smuggling in Apache James — Apache James server | 7.5 | - | 2024-02-27 |
| CVE-2024-27093 | Minder trusts client-provided mapping from repo name to upstream ID — minder | 4.6 | Medium | 2024-02-26 |
| CVE-2024-27092 | Content spoofing - real Hoppscotch emails — hoppscotch | 5.4 | Medium | 2024-02-26 |
| CVE-2024-23320 | Apache DolphinScheduler: Arbitrary js execution as root for authenticated users — Apache DolphinScheduler | 5.4 | - | 2024-02-23 |
| CVE-2024-26151 | Potentially untrusted input is rendered as HTML in final output — mjml-python | 8.2 | High | 2024-02-22 |
| CVE-2024-1714 | Access Request for Entitlement Values with Leading/Trailing Whitespace — IdentityIQ | 7.1 | High | 2024-02-21 |
| CVE-2024-25974 | Stored Cross-Site Scripting (XSS) within the Media Center — OpenOlat LMS | 5.4 (AI) | Medium (AI) | 2024-02-20 |
| CVE-2024-25973 | Multiple Stored Cross-Site Scripting Vulnerabilities — OpenOlat LMS | 5.4 (AI) | Medium (AI) | 2024-02-20 |
| CVE-2024-1638 | Bluetooth characteristic LESC security requirement not enforced without additional flags — Zephyr | 8.2 | High | 2024-02-19 |
| CVE-2023-52372 | Huawei EMUI Security Vulnerability — HarmonyOS | 4.9 (AI) | Medium (AI) | 2024-02-18 |
| CVE-2023-52368 | Huawei EMUI Security Vulnerability — HarmonyOS | - | - (AI) | 2024-02-18 |
| CVE-2023-6937 | Improper (D)TLS key boundary enforcement — wolfSSL | 5.3 | Medium | 2024-02-15 |
| CVE-2023-32484 | Dell EMC Enterprise SONiC Input Validation Error Vulnerability — Enterprise SONiC OS | 9.8 | Critical | 2024-02-15 |
| CVE-2023-32462 | Dell OS10 Networking Switches Input Validation Error Vulnerability — Dell SmartFabric OS10 | 9.8 | Critical | 2024-02-15 |
| CVE-2024-20733 | [ZS-VR-23-360] Adobe Acrobat Reader Parsing OTF font Denial-of-Service Vulnerability — Acrobat Reader | 5.5 | Medium | 2024-02-15 |
| CVE-2024-1471 | HTML Injection Vulnerability — Security Center | 5.9 | Medium | 2024-02-14 |
| CVE-2024-24696 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation — Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows | 6.8 | Medium | 2024-02-13 |
| CVE-2024-24695 | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation — Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows | 6.8 | Medium | 2024-02-13 |
| CVE-2024-1378 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console — Enterprise Server | 9.1 | Critical | 2024-02-13 |
| CVE-2024-1374 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console — Enterprise Server | 9.1 | Critical | 2024-02-13 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3267 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.