Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2025-50494 Vulnerability in phpgurukul (CVE-2025-50494)
CVE-2025-6558 KEV [KEV] Vulnerability in Google chromium (CVE-2025-6558)
CVE-2025-53471 Vulnerability in CVE-2025-53471 (CVE-2025-53471)
CVE-2025-44526 Vulnerability in dos (CVE-2025-44526)
CVE-2025-46836 Vulnerability in c (CVE-2025-46836)
CVE-2024-21413 KEV [KEV] Vulnerability in Microsoft office-outlook (CVE-2024-21413)
CVE-2024-52337 Vulnerability in CVE-2024-52337 (CVE-2024-52337)
CVE-2024-12401 Vulnerability in github.com/cert-manager/cert-manager (CVE-2024-12401)
CVE-2024-11079 Vulnerability in CVE-2024-11079 (CVE-2024-11079)
CVE-2024-43455 Windows Remote Desktop Licensing Service Spoofing Vulnerability
CVE-2016-3714 KEV [KEV] Vulnerability in imagemagick (CVE-2016-3714)
CVE-2024-42531 Vulnerability in CVE-2024-42531 (CVE-2024-42531)
CVE-2022-23817 Vulnerability in privilege-escalation (CVE-2022-23817)
CVE-2023-31339 Vulnerability in dos (CVE-2023-31339)
CVE-2024-38189 KEV [KEV] Vulnerability in Microsoft project (CVE-2024-38189)
CVE-2024-23669 Vulnerability in fortinet (CVE-2024-23669)
CVE-2024-23668 Vulnerability in fortinet (CVE-2024-23668)
CVE-2024-2199 Vulnerability in dos (CVE-2024-2199)
CVE-2024-30040 KEV [KEV] Vulnerability in Microsoft windows (CVE-2024-30040)
CVE-2024-3400 KEV [KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2024-3400)
CVE-2023-6879 Vulnerability in aomedia (CVE-2023-6879)
CVE-2023-41266 KEV [KEV] Vulnerability in Qlik sense (CVE-2023-41266)
CVE-2023-49081 Vulnerability in aiohttp (CVE-2023-49081)
CVE-2023-49082 Vulnerability in aiohttp (CVE-2023-49082)
CVE-2023-36563 KEV [KEV] Vulnerability in Microsoft wordpad (CVE-2023-36563)
CVE-2014-8361 KEV [KEV] Vulnerability in Realtek sdk (CVE-2014-8361)
CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2021-25489 KEV [KEV] Vulnerability in Samsung mobile-devices (CVE-2021-25489)
CVE-2023-2868 KEV [KEV] Vulnerability in Barracuda networks barracuda-networks (CVE-2023-2868)
CVE-2010-3904 KEV [KEV] Vulnerability in Linux kernel (CVE-2010-3904)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →