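Explore CVEs related to Input Validation vulnerabilities and filter them by year of publication. By default, this list shows the most recent disclosures first and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing CVEs of type Input Validation published in 2020.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |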
|---|---|---|---|---|---|
| CVE-2018-19945 | A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later); QTS 4.3.4.0899 build 20190322 (and later). This issue does not affect QTS 4.4.x or QTS 4.5.x. | 9.1 | 0.40% | 2020-12-31 | 2024-11-21 |
| CVE-2016-9026 | Exponent CMS before 2.6.0 has improper input validation in fileController.php. | 9.8 | 0.52% | 2020-12-31 | 2024-11-21 |
| CVE-2016-9025 | Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | 9.8 | 0.61% | 2020-12-31 | 2024-11-21 |
| CVE-2016-9023 | Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | 9.8 | 0.52% | 2020-12-31 | 2024-11-21 |
| CVE-2016-9022 | Exponent CMS before 2.6.0 has improper input validation in usersController.php. | 9.8 | 0.52% | 2020-12-31 | 2024-11-21 |
| CVE-2016-9021 | Exponent CMS before 2.6.0 has improper input validation in storeController.php. | 9.8 | 0.52% | 2020-12-31 | 2024-11-21 |
| CVE-2020-26291 | URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com\@observed-example.co | 6.5 | 0.58% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35789 | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | 8.8 | 0.55% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35616 | An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. | 7.5 | 0.00% | 2020-12-28 | 2024-11-21 |
| CVE-2020-14273 | HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server. | 7.5 | 0.69% | 2020-12-28 | 2024-11-21 |
| CVE-2020-9137 | There is a privilege escalation vulnerability in some versions of CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. | 6.7 | 0.04% | 2020-12-24 | 2024-11-21 |
| CVE-2020-27727 | On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. | 4.9 | 0.27% | 2020-12-24 | 2024-11-21 |
| CVE-2020-2504 | If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | 5.8 | 0.35% | 2020-12-24 | 2024-11-21 |
| CVE-2020-27338 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access. | 5.9 | 0.15% | 2020-12-22 | 2024-11-21 |
| CVE-2020-27337 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access. | 7.3 | 0.38% | 2020-12-22 | 2025-09-30 |
| CVE-2020-27336 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access. | 3.7 | 0.27% | 2020-12-22 | 2025-09-30 |
| CVE-2020-24679 | A S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | 7.5 | 0.76% | 2020-12-22 | 2024-11-21 |
| CVE-2020-14231 | A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | 8.8 | 0.63% | 2020-12-22 | 2024-11-21 |
| CVE-2019-11781 | Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. | 8.8 | 0.23% | 2020-12-22 | 2024-11-21 |
| CVE-2018-15632 | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | 9.1 | 0.58% | 2020-12-22 | 2024-11-21 |