Weaknesses of type CWE-20
4,743 resultsCVE-2024-1244CRITICALRemote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theftEPSS 0.3%CVE-2026-7712MEDIUMMindsDB Pickle pickle.loads deserializationEPSS 0.3%CVE-2026-13829HIGHInsufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had EPSS 0.3%CVE-2026-43935HIGHe107: Host Header Injection in e107 password reset enables phishingEPSS 0.3%CVE-2026-13889MEDIUMSide-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak crossEPSS 0.3%CVE-2026-28917MEDIUMThe issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOEPSS 0.3%CVE-2026-48109HIGHMessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad inputEPSS 0.3%CVE-2023-1250HIGHCode execution through ACL creationEPSS 0.3%CVE-2026-26953MEDIUMPi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions TableEPSS 0.3%CVE-2022-2145MEDIUMCloudlfare WARP Arbitrary File OverwriteEPSS 0.3%CVE-2022-30713HIGHImproper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.EPSS 0.3%CVE-2025-40846HIGHHaloITSM open redirect via the returnUrlEPSS 0.3%CVE-2026-13797CRITICALInsufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromisEPSS 0.3%CVE-2026-13777HIGHInsufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentiallyEPSS 0.3%CVE-2026-13893MEDIUMInsufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.3%CVE-2024-27896HIGHInput verification vulnerability in the log module.
Impact: Successful exploitation of this vulnerability can affect integrity.EPSS 0.3%CVE-2024-52592MEDIUMMissing validation allows spoofed poll updates in MisskeyEPSS 0.3%CVE-2025-15606HIGHDenial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961NEPSS 0.3%CVE-2026-30078HIGHOpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the mEPSS 0.3%CVE-2020-35509MEDIUMA flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticatoEPSS 0.3%