Weaknesses of type CWE-20

4,749 results
CVE-2022-22287LOWAbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.EPSS 0.2%CVE-2026-3967MEDIUMAlfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserializationEPSS 0.2%CVE-2026-12787MEDIUMzhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserializationEPSS 0.2%CVE-2026-13917MEDIUMInsufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who coEPSS 0.2%CVE-2026-8735MEDIUMOinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserializationEPSS 0.2%CVE-2026-11235HIGHInsufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renEPSS 0.2%CVE-2026-34066MEDIUMnimiq-blockchain: Peer-triggerable panic during history syncEPSS 0.2%CVE-2026-12465HIGHObject lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer procesEPSS 0.2%CVE-2026-14115HIGHInsufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2026-33729MEDIUMOpenFGA has an Authorization Bypass through cached keysEPSS 0.2%CVE-2021-36283HIGHDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerabiliEPSS 0.2%CVE-2026-27818HIGHTerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlistEPSS 0.2%CVE-2024-5681HIGHCWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kerneEPSS 0.2%CVE-2022-1108MEDIUMA potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could beEPSS 0.2%CVE-2020-12961A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the EPSS 0.2%CVE-2023-34431HIGHImproper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilEPSS 0.2%CVE-2024-55655LOWsigstore-python has insufficient validation of integration timestamp during verificationEPSS 0.2%CVE-2025-21126MEDIUMInDesign Desktop | Improper Input Validation (CWE-20)EPSS 0.2%CVE-2026-26952MEDIUMPi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag AttributeEPSS 0.2%CVE-2024-54011MEDIUMMissing Error/Exception HandlingEPSS 0.2%