Vulnerabilities (CVE)

Filtered by CWE-20
Total 10371 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-1088 2025-06-18 N/A 2.7 LOW
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
CVE-2024-39780 2025-06-18 N/A 7.8 HIGH
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code.
CVE-2025-49081 1 Absolute 1 Secure Access 2025-06-17 N/A 4.9 MEDIUM
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.
CVE-2024-32371 1 Hsclabs 1 Mailinspector 2025-06-17 N/A 7.5 HIGH
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.
CVE-2024-55567 2025-06-17 N/A 7.5 HIGH
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
CVE-2023-26159 1 Follow-redirects 1 Follow Redirects 2025-06-17 N/A 7.3 HIGH
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
CVE-2024-21507 1 Sidorares 1 Mysql2 2025-06-17 N/A 6.5 MEDIUM
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVE-2023-50694 1 Dom96 1 Httpbeast 2025-06-17 N/A 9.8 CRITICAL
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.
CVE-2024-33792 1 Netis-systems 2 Mex605, Mex605 Firmware 2025-06-17 N/A 9.8 CRITICAL
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.
CVE-2023-45648 2 Apache, Debian 2 Tomcat, Debian Linux 2025-06-16 N/A 5.3 MEDIUM
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
CVE-2025-47096 1 Adobe 1 Experience Manager 2025-06-16 N/A 3.5 LOW
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Low privileges are required.
CVE-2025-5497 1 Phpwcms 1 Phpwcms 2025-06-13 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-4905 1 Washington 1 Basestation 2025-06-12 4.3 MEDIUM 5.3 MEDIUM
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.
CVE-2025-0037 2025-06-12 N/A 6.6 MEDIUM
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
CVE-2025-3898 2025-06-12 N/A 6.5 MEDIUM
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
CVE-2025-3116 2025-06-12 N/A 6.5 MEDIUM
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
CVE-2025-1041 2025-06-12 N/A 9.9 CRITICAL
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
CVE-2025-4680 2025-06-12 N/A N/A
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-0051 2025-06-12 N/A N/A
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
CVE-2025-47968 2025-06-12 N/A 7.8 HIGH
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.