CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33287 | LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern — liquidjs | 7.5 | High | 2026-03-26 |
| CVE-2026-33218 | NATS has pre-auth server panic via leafnode handling — nats-server | 7.5 | High | 2026-03-25 |
| CVE-2026-33332 | NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion — nicegui | 7.5 | - | 2026-03-24 |
| CVE-2026-33769 | Astro: Remote allowlist bypass via unanchored matchPathname wildcard — astro | 9.1 | - | 2026-03-24 |
| CVE-2026-4755 | CWE-20 in MolotovCherry Android-ImageMagick7 — Android-ImageMagick7 | 9.8 | Critical | 2026-03-24 |
| CVE-2026-33250 | Crash when receiving specially-crafted packets — freeciv21 | 7.5 | High | 2026-03-23 |
| CVE-2025-15606 | Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N — TD-W8961N v4.0 | 7.5 | - | 2026-03-23 |
| CVE-2026-3460 | REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter — REST API TO MiniProgram | 5.3 | Medium | 2026-03-21 |
| CVE-2026-3641 | Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint — Appmax | 5.3 | Medium | 2026-03-21 |
| CVE-2026-33151 | socket.io allows an unbounded number of binary attachments — socket.io | 7.5 | - | 2026-03-20 |
| CVE-2026-4438 | gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames — glibc | 4.3 | - | 2026-03-20 |
| CVE-2026-4451 | Google Chrome security vulnerability — Chrome | 9.3 | - | 2026-03-20 |
| CVE-2026-4342 | ingress-nginx comment-based nginx configuration injection — ingress-nginx | 8.8 | High | 2026-03-19 |
| CVE-2026-3230 | Improper key_share validation in TLS 1.3 HelloRetryRequest — wolfSSL | 7.5 | - | 2026-03-19 |
| CVE-2026-32735 | Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin` — openapi-to-java-records-mustache-templates-parent | 8.1 | - | 2026-03-18 |
| CVE-2026-4407 | Out-of-bounds array write in Xpdf 4.06 due to missing validation — Xpdf | 7.8 | - | 2026-03-18 |
| CVE-2025-31966 | Boolean-Based SQL Injection in Multiple Unica Components — Sametime | 2.7 | Low | 2026-03-17 |
| CVE-2026-23489 | Fields GLPI plugin vulnerable to RCE in dropdown generation — fields | 9.1 | Critical | 2026-03-16 |
| CVE-2025-10461 | Global file reads caused by improper URL checks in webserver — smartLink SW-HT | 7.5 (AI) | High (AI) | 2026-03-16 |
| CVE-2025-6969 | ability_ability_runtime an improper input validation vulnerability — OpenHarmony | 5.0 | Medium | 2026-03-16 |
| CVE-2025-26474 | communication_ipc an improper input validation vulnerability — OpenHarmony | 3.3 | Low | 2026-03-16 |
| CVE-2026-1668 | Input Validation Vulnerability on Multiple Omada Switches — SG2008P 3.2x | 9.8 | - | 2026-03-13 |
| CVE-2025-60012 | Apache Livy: Restrict file access — Apache Livy | 6.5 | - | 2026-03-13 |
| CVE-2026-22204 | wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient — wpDiscuz | 3.7 | Low | 2026-03-13 |
| CVE-2026-31900 | Black's vulnerable version parsing leads to RCE in GitHub Action — black | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-30901 | Zoom Rooms for Windows - Improper Input Validation — Zoom Rooms | 7.0 | High | 2026-03-11 |
| CVE-2026-21282 | Adobe Commerce \| Improper Input Validation (CWE-20) — Adobe Commerce | 5.3 | Medium | 2026-03-11 |
| CVE-2026-21310 | Adobe Commerce \| Improper Input Validation (CWE-20) — Adobe Commerce | 5.3 | Medium | 2026-03-11 |
| CVE-2026-26310 | Crash for scoped ip address in Envoy during DNS — envoy | 5.9 | Medium | 2026-03-10 |
| CVE-2026-26106 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2026-03-10 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.