Input Validation に分類される脆弱性に紐づく CVE を一覧表示します。新しい公開が先頭に来る並びで、CVSS / EPSS に基づく絞り込みにも対応しています。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
公開年を問わず、Input Validation に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-20153 | As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20. | 7.5 | 0.25% | 2026-07-15 | 2026-07-15 |
| CVE-2026-61427 | PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream' without an API key, an unauthenticated client (no Authorization header, and no Origin header, which is also permitted) can initialize a session, enumerate the available tools (tools/list), and invoke tool | 6.9 | 0.34% | 2026-07-15 | 2026-07-16 |
| CVE-2026-56398 | Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs. Authenticated users who visit the profile image endpoint receive attacker-controlled SVG content with inline disposition and no default security headers, enabling script execution in the same origin to | 8.5 | 0.30% | 2026-07-15 | 2026-07-16 |
| CVE-2026-56349 | n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity. | 6.3 | 0.34% | 2026-07-15 | 2026-07-15 |
| CVE-2026-48353 | CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | 0.15% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48352 | CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | 7.5 | 0.41% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48351 | CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | 7.5 | 0.41% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48334 | Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | 9.3 | 0.39% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48312 | CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. | 6.8 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48302 | CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | 6.2 | 0.15% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48328 | ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed. | 7.7 | 0.62% | 2026-07-14 | 2026-07-15 |
| CVE-2026-48308 | Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed. | 5.9 | 0.16% | 2026-07-14 | 2026-07-16 |
| CVE-2026-48284 | ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | 9.6 | 7.94% | 2026-07-14 | 2026-07-15 |
| CVE-2026-47470 | NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service. | 6.2 | 0.12% | 2026-07-14 | 2026-07-15 |
| CVE-2026-15778 | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.26% | 2026-07-14 | 2026-07-15 |
| CVE-2026-15771 | Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | 5.3 | 0.30% | 2026-07-14 | 2026-07-15 |
| CVE-2026-15769 | Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.24% | 2026-07-14 | 2026-07-15 |
| CVE-2026-50524 | Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. | 7.5 | 0.65% | 2026-07-14 | 2026-07-14 |
| CVE-2026-13001 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlove_handle_cache_files' function in all versions up to, and including, 4.5.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 9.8 | 1.08% | 2026-07-14 | 2026-07-14 |
| CVE-2026-45069 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims() registered audience (aud), issuer (iss), and expiry (exp) checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(), so a validly signed JWT that omitted those claims could pass verification. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. | 8.8 | 0.24% | 2026-07-14 | 2026-07-15 |