CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20967 | System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability — System Center Operations Manager 2019 | 8.8 | High | 2026-03-10 |
| CVE-2026-3288 | ingress-nginx rewrite-target nginx configuration injection — ingress-nginx | 8.8 | High | 2026-03-09 |
| CVE-2025-14558 | Remote code execution via ND6 Router Advertisements — FreeBSD | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-24713 | Apache IoTDB: JEXL Expression Injection Vulnerability — Apache IoTDB | 9.1 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-29791 | Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion — agentgateway | 4.9 | Medium | 2026-03-06 |
| CVE-2026-0848 | Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading — nltk/nltk | 9.8 | - | 2026-03-05 |
| CVE-2025-7375 | Unauthenticated Denial-of-Service Vulnerability in Omada EAP610 — EAP610 v3 | 6.5 | - | 2026-03-05 |
| CVE-2025-11143 | Eclipse Jetty Input Validation Error Vulnerability — Eclipse Jetty | 3.7 | Low | 2026-03-05 |
| CVE-2025-41257 | Suprema BioStar 2 Insecure Password Change — BioStar 2 | 4.8 | Medium | 2026-03-04 |
| CVE-2026-20020 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Input Validation Error Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.8 | Medium | 2026-03-04 |
| CVE-2026-27443 | S/MIME Decryption Tag Sanitization Bypass — Secure Email Gateway | 7.5 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-3204 | Devolutions Server Security Vulnerability — Server | 5.3 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-28421 | Vim has a heap-buffer-overflow and a segmentation fault — vim | 5.3 | Medium | 2026-02-27 |
| CVE-2018-25160 | HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend — HTTP::Session2 | 9.8 | - | 2026-02-27 |
| CVE-2026-2880 | @fastify/middie has an improper path normalization vulnerability — @fastify/middie | 9.8 | - | 2026-02-27 |
| CVE-2026-2750 | Command Injection via CLAPI generatetraps — Centreon Open Tickets on Central Server | 9.1 | Critical | 2026-02-27 |
| CVE-2026-26935 | Improper Input Validation in Kibana Leading to Denial of Service — Kibana | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27959 | Koa has Host Header Injection via `ctx.hostname` — koa | 7.5 | High | 2026-02-26 |
| CVE-2026-27818 | TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist — terriajs-server | 5.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-25941 | FreeRDP: vuln_1_15_1 RDPGFX WIRE_TO_SURFACE_2 Out-of-Bounds Read — FreeRDP | 4.3 | Medium | 2026-02-25 |
| CVE-2026-27702 | Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) — budibase | 9.9 | Critical | 2026-02-25 |
| CVE-2026-27607 | RustFS's Missing Post Policy Validation leads to Arbitrary Object Write — rustfs | 8.1 | High | 2026-02-25 |
| CVE-2025-14963 | Trellix Endpoint Security HX Security Vulnerability — Endpoint HX Agent (xAgent) | 7.0 | - | 2026-02-24 |
| CVE-2026-27590 | Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport — caddy | 9.8 | - | 2026-02-24 |
| CVE-2026-27585 | Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections — caddy | 9.1 | - | 2026-02-24 |
| CVE-2026-21864 | Remote DoS from malformed RESTORE command — valkey-bloom | 6.5 | Medium | 2026-02-24 |
| CVE-2026-27642 | free5GC has Improper Input Validation in UDM UEAU Service — udm | 5.3 | - | 2026-02-24 |
| CVE-2025-69251 | free5GC has Improper Input Validation in UDM, Leading to Information Exposure — udm | 6.5 | - | 2026-02-23 |
| CVE-2025-69232 | free5GC has Protocol Compliance Violation in UPF Leading to SMF Service Disruption — go-upf | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2026-27623 | Valkey has Pre-Authentication DOS from malformed RESP request — valkey | 7.5 | High | 2026-02-23 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.