Weaknesses of type CWE-20

4,737 results
CVE-2021-39259MEDIUMA crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3GEPSS 0.4%CVE-2024-36390HIGHMileSight DeviceHub - CWE-20 Improper Input ValidationEPSS 0.4%CVE-2019-14904A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the EPSS 0.4%CVE-2021-39262MEDIUMA crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.EPSS 0.4%CVE-2021-39260MEDIUMA crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.EPSS 0.4%CVE-2021-44769MEDIUMTLS Certificate Generation Function Improper Input ValidationEPSS 0.4%CVE-2022-33211CRITICALImproper Input Validation in MODEMEPSS 0.4%CVE-2026-8959CRITICALSandbox escape due to incorrect boundary conditions in the Widget: Win32 componentEPSS 0.4%CVE-2025-5498MEDIUMslackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserializationEPSS 0.4%CVE-2024-32989LOWInsufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affecEPSS 0.4%CVE-2024-20274MEDIUMCisco Secure Firewall Management Center HTML Injection VulnerabilityEPSS 0.4%CVE-2026-0878HIGHSandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL componentEPSS 0.4%CVE-2025-23268HIGHNVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. EPSS 0.4%CVE-2026-24505HIGHDell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with EPSS 0.4%CVE-2021-3442A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripEPSS 0.4%CVE-2017-12223A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local atEPSS 0.4%CVE-2021-39251MEDIUMA crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.EPSS 0.4%CVE-2023-41316MEDIUMHTML Injection with email in TolgeeEPSS 0.4%CVE-2021-33285MEDIUMIn NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap bufferEPSS 0.4%CVE-2022-25818MEDIUMImproper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.EPSS 0.4%