Weaknesses of type CWE-20

4,737 results
CVE-2026-46726HIGHApache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headersEPSS 0.4%CVE-2023-6781MEDIUMOrbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fieldsEPSS 0.4%CVE-2022-44756MEDIUMHCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validationEPSS 0.4%CVE-2025-20148HIGHCisco Secure Firewall Management Center HTML Injection VulnerabilityEPSS 0.4%CVE-2025-4905MEDIUMiop-apl-uw basestation3 QC.py load_qc_pickl deserializationEPSS 0.4%CVE-2026-9521MEDIUMfraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of inputEPSS 0.4%CVE-2024-1245LOWConcrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributesEPSS 0.4%CVE-2026-42388MEDIUMMissing input validation for catalog zonesEPSS 0.4%CVE-2024-37346MEDIUMInsufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06EPSS 0.4%CVE-2026-42387MEDIUMInsufficient input validation in ZoneToCacheEPSS 0.4%CVE-2018-0211A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a deniEPSS 0.4%CVE-2026-31799MEDIUMTautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parametersEPSS 0.4%CVE-2025-11936MEDIUMPotential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHelloEPSS 0.4%CVE-2025-5878MEDIUMESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special elementEPSS 0.4%CVE-2021-20194There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BEPSS 0.4%CVE-2024-47866HIGHRGW DoS attack with empty HTTP header in S3 object copyEPSS 0.4%CVE-2022-30784MEDIUMA crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.EPSS 0.4%CVE-2026-45135HIGHCaddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP FilesEPSS 0.4%CVE-2026-3294HIGHAuthentication Logic Vulnerability on Multiple TP-Link Range ExtendersEPSS 0.4%CVE-2026-33285HIGHLiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process CrashEPSS 0.4%