CWE-20 (Improper Input Validation) — Vulnerability Class 3266

3266 vulnerabilities classified as CWE-20 (Improper Input Validation). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22567 | ZIA Admin UI Input Validation Bug — ZIA Admin UI | 7.6 | High | 2026-02-23 |
| CVE-2026-22568 | Unauthorized information retrieval in ZIA Admin UI — ZIA Admin UI | 5.5 | Medium | 2026-02-23 |
| CVE-2026-27170 | OpenSift: SSRF risk in URL ingestion endpoint — OpenSift | 7.1 | High | 2026-02-20 |
| CVE-2026-26953 | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table — web | 5.4 | Medium | 2026-02-19 |
| CVE-2026-26952 | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute — web | 5.4 | Medium | 2026-02-19 |
| CVE-2026-26314 | Go Ethereum affected by DoS via malicious p2p message — go-ethereum | 7.5 | - | 2026-02-19 |
| CVE-2026-26063 | CediPay Affected by Improper Input Validation in Payment Processing — CediPay | 8.2 (AI) | High (AI) | 2026-02-19 |
| CVE-2025-13587 | Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token — Two Factor (2FA) Authentication via Email | 6.5 | Medium | 2026-02-19 |
| CVE-2026-24734 | Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass — Apache Tomcat Native | 7.5 (AI) | High (AI) | 2026-02-17 |
| CVE-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9 — Apache Tomcat | 7.5 (AI) | High (AI) | 2026-02-17 |
| CVE-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping — Apache Tomcat | 9.8 (AI) | Critical (AI) | 2026-02-17 |
| CVE-2026-2391 | qs's arrayLimit bypass in comma parsing allows denial of service | 3.7 | Low | 2026-02-12 |
| CVE-2026-21229 | Power BI Remote Code Execution Vulnerability — Power BI Report Server | 8.0 | High | 2026-02-10 |
| CVE-2026-21247 | Windows Hyper-V Remote Code Execution Vulnerability — Windows 10 Version 1607 | 7.3 | High | 2026-02-10 |
| CVE-2026-21258 | Microsoft Excel Information Disclosure Vulnerability — Microsoft 365 Apps for Enterprise | 5.5 | Medium | 2026-02-10 |
| CVE-2026-25892 | Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint — adminer | 7.5 | High | 2026-02-09 |
| CVE-2026-25631 | Domain allowlist bypass enables credential exfiltration — n8n | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-25723 | Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions — claude-code | 9.4 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-25722 | Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection — claude-code | 7.5 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-15566 | ingress-nginx auth-proxy-set-headers nginx configuration injection — ingress-nginx | 8.8 | High | 2026-02-06 |
| CVE-2025-12131 | Truncated 802.15.4 packet leads to denial of service — Simplicity SDK | 6.5 (AI) | Medium (AI) | 2026-02-05 |
| CVE-2026-25514 | FacturaScripts has SQL Injection vulnerability in Autocomplete Actions — facturascripts | 6.5 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-24512 | ingress-nginx auth-method nginx configuration injection — ingress-nginx | 8.8 | High | 2026-02-03 |
| CVE-2026-1580 | ingress-nginx auth-method nginx configuration injection — ingress-nginx | 8.8 | High | 2026-02-03 |
| CVE-2026-22220 | Improper Input Validation Leading to DoS on TP-Link Archer BE230 — Archer BE230 v1.2 | 4.5 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2026-24936 | An improper input validation vulnerability was found in ADM while joining a AD Domain. — ADM | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2026-25128 | fast-xml-parser has RangeError DoS Numeric Entities Bug — fast-xml-parser | 7.5 | High | 2026-01-30 |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks — OpenShift Serverless | 7.5 | High | 2026-01-30 |
| CVE-2026-25126 | PolarLearn's unvalidated vote direction allows vote count manipulation — PolarLearn | 7.1 | High | 2026-01-29 |
| CVE-2026-25117 | pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution — dojo | 7.6 (AI) | High (AI) | 2026-01-29 |

Vulnerabilities classified as CWE-20 (Improper Input Validation) represent 3266 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.