CWE-1284: Improper Validation of Specified Quantity in Input — known CVE vulnerabilities
CVEs classified under CWE-1284 (Improper Validation of Specified Quantity in Input), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-49777 — CVSS 10.0 (critical): Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious…
CVE-2024-8887 — CVSS 10.0 (critical): CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web…
CVE-2021-21960 — CVSS 10.0 (critical): A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A…
CVE-2021-21951 — CVSS 10.0 (critical): An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker…
CVE-2021-21950 — CVSS 10.0 (critical): An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker…
CVE-2026-25345 — CVSS 9.9 (critical): Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing…
CVE-2026-3381 — CVSS 9.8 (critical): Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the…
CVE-2025-55398 — CVSS 9.8 (critical): An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules)…
CVE-2022-25727 — CVSS 9.8 (critical): Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT…
CVE-2022-36938 — CVSS 9.8 (critical): DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index…
CVE-2022-20385 — CVSS 9.8 (critical): a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype'…
CVE-2022-37134 — CVSS 9.8 (critical): D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be…
CVE-2021-43267 — CVSS 9.8 (critical): An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC)…
CVE-2021-31556 — CVSS 9.8 (critical): An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the…
CVE-2008-2374 — CVSS 9.8 (critical): src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string…
CVE-2024-9369 — CVSS 9.6 (critical): Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer…
CVE-2023-54337 — CVSS 9.1 (critical): Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the…
CVE-2025-65548 — CVSS 9.1 (critical): NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of…
CVE-2026-27384 — CVSS 9.0 (critical): Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality…
CVE-2026-12059 — CVSS 8.8 (high): The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to…
CVE-2025-15080: Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and…
CVE-2025-8320 — CVSS 8.8 (high): Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows…
CVE-2025-5349 — CVSS 8.8 (high): Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CVE-2024-42416 — CVSS 8.8 (high): The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a…
CVE-2023-25731 — CVSS 8.8 (high): Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to…
CVE-2022-36078 — CVSS 8.8 (high): Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited…
CVE-2021-21943 — CVSS 8.8 (high): A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can…
CVE-2025-8424: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the…
CVE-2025-48507: The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors…
CVE-2023-42447 — CVSS 8.6 (high): blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient…
CVE-2023-42444 — CVSS 8.6 (high): phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and…
CVE-2022-4904 — CVSS 8.6 (high): A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a…
CVE-2022-4989: ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to…
CVE-2022-24754 — CVSS 8.5 (high): PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there…
CVE-2025-0286 — CVSS 8.4 (high): Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to…
CVE-2022-36086 — CVSS 8.4 (high): linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a…
CVE-2021-35132 — CVSS 8.4 (high): Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-35928 — CVSS 8.4 (high): AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version…
CVE-2021-30350 — CVSS 8.4 (high): Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-31346 — CVSS 8.2 (high): A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions…
CVE-2026-40093 — CVSS 8.1 (high): nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation…
CVE-2023-42448 — CVSS 8.1 (high): Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in…
CVE-2022-24903 — CVSS 8.1 (high): Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when…
CVE-2021-44158 — CVSS 8.0 (high): ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An…
CVE-2025-25178 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
CVE-2024-45351 — CVSS 7.8 (high): A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input…
CVE-2025-0285 — CVSS 7.8 (high): Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure…