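Explore CVEs related to Input Validation vulnerabilities, filtered by publication year. By default this list shows the most recent disclosures first and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing CVEs of type Input Validation published in 2026.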
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-58292 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 7.5 | N/A | 2026-07-03 | 2026-07-03 |
| CVE-2026-57985 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 7.6 | N/A | 2026-07-03 | 2026-07-03 |
| CVE-2026-22547 | Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values. | N/A | N/A | 2026-07-03 | 2026-07-03 |
| CVE-2026-14631 | webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exception in the host-validation path and crashes the dev server. Impact is limited to availability of the development server, no data disclosure, no code execution. Patches: upgrade to webpack-dev-serve | 5.3 | N/A | 2026-07-03 | 2026-07-03 |
| CVE-2026-13341 | A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests. | 7.4 | N/A | 2026-07-03 | 2026-07-03 |
| CVE-2022-4990 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. | 7.3 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2022-4989 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation. | 8.5 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-55952 | The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process. An unauthenticated remote attacker can send | 8.2 | 0.46% | 2026-07-02 | 2026-07-02 |
| CVE-2026-44935 | Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants. | 9.9 | 0.57% | 2026-07-02 | 2026-07-03 |
| CVE-2026-54405 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application. | 7.5 | 0.26% | 2026-07-02 | 2026-07-02 |
| CVE-2026-54402 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device. | 9.9 | 0.79% | 2026-07-02 | 2026-07-02 |
| CVE-2026-50748 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device. | 9.9 | 0.79% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57623 | Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions. | 9.0 | 0.33% | 2026-07-02 | 2026-07-02 |
| CVE-2026-14429 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.22% | 2026-07-01 | 2026-07-03 |
| CVE-2026-14428 | Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.26% | 2026-07-01 | 2026-07-03 |
| CVE-2026-14414 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | 5.3 | 0.22% | 2026-07-01 | 2026-07-02 |
| CVE-2026-14412 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.22% | 2026-07-01 | 2026-07-03 |
| CVE-2026-14411 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | 0.25% | 2026-07-01 | 2026-07-03 |
| CVE-2026-14401 | Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.22% | 2026-07-01 | 2026-07-03 |
| CVE-2026-14382 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | 0.28% | 2026-07-01 | 2026-07-03 |