CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-37216 | Hirschmann HiOS EtherNet/IP Stack Denial of Service — Hirschmann HiOS | 7.5 | High | 2026-04-03 |
| CVE-2026-34762 | Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber — core | 2.7 | Low | 2026-04-02 |
| CVE-2026-34760 | vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models — vllm | 5.9 | Medium | 2026-04-02 |
| CVE-2026-35038 | signalk-server: Arbitrary Prototype Read via `from` Field Bypass — signalk-server | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor — phpMyFAQ | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-29144 | Unicode Subject Tags — Secure Email Gateway | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-29143 | S/MIME Decryption Impersonation — Secure Email Gateway | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-29137 | Long Subject Untagging — Secure Email Gateway | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-29141 | Bounded Subject Tag Sanitization — Secure Email Gateway | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-29135 | Webmail Password Tag Sanitization Bypass — Secure Email Gateway | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-29133 | UID Regex Bypass — Secure Email Gateway | 9.1 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-34525 | AIOHTTP: Duplicate Host header accepted — aiohttp | 5.8 | - | 2026-04-01 |
| CVE-2026-34445 | ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. — onnx | 8.6 | High | 2026-04-01 |
| CVE-2026-20093 | Cisco Integrated Management Controller Authentication Bypass Vulnerability — Cisco Enterprise NFV Infrastructure Software | 9.8 | Critical | 2026-04-01 |
| CVE-2026-34442 | FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout — freescout | 5.4 | Medium | 2026-03-31 |
| CVE-2026-34383 | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter — admidio | 4.3 | Medium | 2026-03-31 |
| CVE-2026-3470 | SonicWALL Email Security Input Validation Error Vulnerability — Email Security | 6.5 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-3469 | SonicWALL Email Security Input Validation Error Vulnerability — Email Security | 4.9 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-33029 | Nginx UI: DoS via Negative Integer Input in Logrotate Interval — nginx-ui | 6.5 | - | 2026-03-30 |
| CVE-2026-4987 | SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' — SureForms – Contact Form, Payment Form & Other Custom Form Builder | 7.5 | High | 2026-03-28 |
| CVE-2026-33936 | python-ecdsa: Denial of Service via improper DER length validation in crafted private keys — python-ecdsa | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33882 | Statamic's Markdown preview endpoint exposes sensitive user data — cms | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33758 | OpenBao has Reflected XSS in its OIDC authentication error message — openbao | 6.1 | - | 2026-03-27 |
| CVE-2026-33284 | GlobalLeaks has insufficient URL validation in user support API — globaleaks-whistleblowing-software | 6.5 | - | 2026-03-27 |
| CVE-2026-4982 | Unauthorized access to chat contents — Venueless | 3.1 | - | 2026-03-27 |
| CVE-2025-59032 | Open-Xchange OX Dovecot Pro Security Vulnerability — OX Dovecot Pro | 7.5 | High | 2026-03-27 |
| CVE-2025-59028 | Open-Xchange OX Dovecot Pro Security Vulnerability — OX Dovecot Pro | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33729 | OpenFGA has an Authorization Bypass through cached keys — openfga | 3.7 | - | 2026-03-27 |
| CVE-2025-55270 | HCL Aftermarket DPC is affected by Improper Input Validation — Aftermarket DPC | 3.5 | Low | 2026-03-26 |
| CVE-2026-33285 | LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash — liquidjs | 7.5 | High | 2026-03-26 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.