Weaknesses of type CWE-20
4,743 resultsCVE-2025-24002MEDIUMMQTT DoS Vulnerability in German EV Charging StationsEPSS 0.4%CVE-2019-15959MEDIUMCisco Small Business SPA500 Series IP Phones Local Script Execution VulnerabilityEPSS 0.4%CVE-2022-39017HIGHXSS in all comments fields in M-Files HubshareEPSS 0.4%CVE-2026-48188CRITICALSQL Injection via MySQL Quote MethodEPSS 0.4%CVE-2025-66960HIGHAn issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads EPSS 0.4%CVE-2022-36859MEDIUMImproper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victimEPSS 0.4%CVE-2023-21631HIGHImproper Input Validation in ModemEPSS 0.4%CVE-2026-11046HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.4%CVE-2025-13587MEDIUMTwo Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via tokenEPSS 0.4%CVE-2024-22271HIGHSpring Cloud Function Web DOS VulnerabilityEPSS 0.4%CVE-2024-2513MEDIUMWP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image AttributeEPSS 0.4%CVE-2025-8708LOWAntabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserializationEPSS 0.4%CVE-2026-6409HIGHDenial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted inputEPSS 0.4%CVE-2025-6545CRITICALpbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.jsEPSS 0.4%CVE-2022-1798HIGHPath Traversal vulnerability in KubevirtEPSS 0.4%CVE-2025-27388HIGHArbitrary URL Loading in WebView Leading to Token Leakage RiskEPSS 0.4%CVE-2024-2226MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2023-47210MEDIUMImproper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user tEPSS 0.4%CVE-2025-22235HIGHSpring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposedEPSS 0.4%CVE-2025-58716HIGHWindows Speech Runtime Elevation of Privilege VulnerabilityEPSS 0.4%