Weaknesses of type CWE-20

4,737 results
CVE-2023-50733HIGHA Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.EPSS 0.4%CVE-2024-25999HIGHPHOENIX CONTACT: Privilege escalation in the OCPP agent serviceEPSS 0.4%CVE-2023-42508MEDIUMJFrog Artifactory Improper header input validation leads to email manipulation sent from the platformEPSS 0.4%CVE-2024-36047CRITICALInfoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.EPSS 0.4%CVE-2022-43484HIGHTERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable EPSS 0.4%CVE-2021-29913MEDIUMIBM Security Verify Privilege improper input validationEPSS 0.4%CVE-2026-34712HIGHCAI Content Credentials | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2023-32820HIGHIn wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with noEPSS 0.4%CVE-2024-1471MEDIUMHTML Injection VulnerabilityEPSS 0.4%CVE-2025-11958MEDIUMAn improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticatEPSS 0.4%CVE-2021-41133HIGHSandbox bypass via recent VFS-manipulating syscallsEPSS 0.4%CVE-2026-8759MEDIUMxiandafu beetl SpELFunction SpELFunction.java expression language injectionEPSS 0.4%CVE-2023-2267MEDIUMImproper input validation could lead to reflection injection attacksEPSS 0.4%CVE-2023-0896HIGHA default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attackEPSS 0.4%CVE-2025-54250MEDIUMAdobe Experience Manager | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2026-44319HIGHfree5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)EPSS 0.4%CVE-2018-25160MEDIUMHTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backendEPSS 0.4%CVE-2025-50490HIGHImproper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attacEPSS 0.4%CVE-2026-39998MEDIUMApache APISIX: Identity Injection via forward-auth Plugin Missing Header CleanupEPSS 0.4%CVE-2024-7005HIGHInsufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced EPSS 0.4%