探索与 Input Validation 漏洞相关的 CVE,并按公开年份筛选。本列表默认优先展示最新披露,并支持按 CVSS 与 EPSS 风险分数进一步筛选。
覆盖最新漏洞披露与趋势,帮助安全团队快速识别高风险问题与被利用可能性。
当前为 Input Validation 类型、2021 年公开的 CVE。 查看完整 CVE 列表
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2021-43861 | Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. | 7.2 | 0.91% | 2021-12-30 | 2026-06-17 |
| CVE-2021-44832 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | 6.6 | 97.91% | 2021-12-28 | 2026-06-17 |
| CVE-2021-43548 | Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | 6.5 | 0.37% | 2021-12-27 | 2026-06-17 |
| CVE-2021-45711 | An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f. | 7.5 | 1.34% | 2021-12-26 | 2026-06-17 |
| CVE-2021-45687 | An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. | 9.8 | 1.12% | 2021-12-26 | 2026-06-17 |
| CVE-2021-41788 | MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0). | 6.5 | 1.76% | 2021-12-25 | 2026-06-17 |
| CVE-2021-44548 | An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB S | 9.8 | 5.09% | 2021-12-23 | 2026-06-17 |
| CVE-2021-45462 | In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | 7.5 | 4.41% | 2021-12-22 | 2026-06-17 |
| CVE-2021-4059 | Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | 1.26% | 2021-12-22 | 2026-06-17 |
| CVE-2021-38015 | Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 8.8 | 0.59% | 2021-12-22 | 2026-06-17 |
| CVE-2021-44422 | An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | 0.87% | 2021-12-21 | 2026-06-17 |
| CVE-2021-41561 | Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. | 7.5 | 3.05% | 2021-12-20 | 2026-06-17 |
| CVE-2021-45105 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | 5.9 | 100.00% | 2021-12-18 | 2026-06-17 |
| CVE-2021-37863 | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | 3.5 | 0.83% | 2021-12-17 | 2026-06-17 |
| CVE-2021-1021 | In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 | 7.3 | 0.12% | 2021-12-15 | 2026-06-16 |
| CVE-2021-1020 | In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725 | 7.3 | 0.12% | 2021-12-15 | 2026-06-16 |
| CVE-2021-0933 | In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | 8.0 | 0.43% | 2021-12-15 | 2026-06-16 |
| CVE-2021-0928 | In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | 7.8 | 0.37% | 2021-12-15 | 2026-06-16 |
| CVE-2021-0921 | In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | 7.8 | 0.13% | 2021-12-15 | 2026-06-16 |
| CVE-2021-4117 | yetiforcecrm is vulnerable to Business Logic Errors | 4.3 | 0.71% | 2021-12-15 | 2026-06-17 |