CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62455 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-12-09 |
| CVE-2025-64666 | Microsoft Exchange Server Elevation of Privilege Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 7.5 | High | 2025-12-09 |
| CVE-2025-62571 | Windows Installer Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-12-09 |
| CVE-2025-12946 | Improper input validation in NETGEAR Nighthawk routers — RS700 | 9.0 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-12945 | Improper input validation in NETGEAR Nighthawk router R7000P — R7000P | 7.2 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-2296 | Un-verified kernel bypass Secure Boot mechanism in direct boot mode — EDK2 | 7.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-40935 | Siemens RUGGEDCOM Input Validation Error Vulnerability — RUGGEDCOM RMC8388 V5.X | 4.3 | Medium | 2025-12-09 |
| CVE-2025-40831 | Siemens SINEC Security Monitor Input Validation Error Vulnerability — SINEC Security Monitor | 6.5 | Medium | 2025-12-09 |
| CVE-2025-13428 | RCE in SecOps SOAR server via user-provided Python packages — Google Cloud SecOps SOAR | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-26489 | Improper input validation in Netconf service in Infinera MTC-9 — MTC-9 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-26488 | Improper input validation in XML Management service in Infinera MTC-9 — MTC-9 | 7.5 | High | 2025-12-08 |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded — Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 7.5 | High | 2025-12-03 |
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App — Splunk Enterprise | 4.3 | Medium | 2025-12-03 |
| CVE-2025-66400 | mdast-util-to-hast unsanitized class attribute — mdast-util-to-hast | 5.3 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-26858 | Socomec DIRIS Digiware M-70 Security Vulnerability — DIRIS Digiware M-70 | 8.6 | High | 2025-12-01 |
| CVE-2025-66225 | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow — orangehrm | 9.8 | - | 2025-11-29 |
| CVE-2025-53939 | Kiteworks Core is vulnerable to Improper Input Validation — security-advisories | 6.3 | Medium | 2025-11-29 |
| CVE-2025-66201 | LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability — LibreChat | 8.1 | - | 2025-11-29 |
| CVE-2025-13762 | Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305 — CyberArk Secure Web Sessions Extension | 7.5 | - | 2025-11-27 |
| CVE-2025-0658 | Automated Logic and Carrier Zone Controllers malformed packets denial of service — Zone Controllers | 7.5 | - | 2025-11-27 |
| CVE-2025-66259 | Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters — Mozart FM Transmitter | 7.2 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-33191 | NVIDIA DGX Spark Input Validation Error Vulnerability — DGX Spark | 5.7 | Medium | 2025-11-25 |
| CVE-2025-0248 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability, — iNotes | 8.1 | High | 2025-11-25 |
| CVE-2025-12741 | Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution — Looker | 8.8 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-12740 | Remote Command Execution in Looker via IBM DB2 JDBC drive — Looker | 8.8 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-12889 | TLS 1.2 Client Can Downgrade Digest Used — wolfSSL | 7.5 | - | 2025-11-21 |
| CVE-2025-11936 | Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello — wolfSSL | 7.5 | - | 2025-11-21 |
| CVE-2025-11933 | DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension — wolfSSL | 7.5 | - | 2025-11-21 |
| CVE-2025-11934 | Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify — wolfSSL | 5.3 | - | 2025-11-21 |
| CVE-2025-62164 | VLLM deserialization vulnerability leading to DoS and potential RCE — vllm | 8.8 | High | 2025-11-21 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.