Weaknesses of type CWE-20
4,693 results

CVE-2021-42854 | CRITICAL | Directory Traversal Read/Write/Delete at PluginServlet | EPSS 1.5%
CVE-2021-42853 | CRITICAL | Directory Traversal Delete/Read at AgentDiagnosticServlet | EPSS 1.5%
CVE-2018-3777 | — | Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | EPSS 1.5%
CVE-2018-12478 | MEDIUM | obs-service-replace_using_package_version allows to specify arbitrary input files | EPSS 1.5%
CVE-2022-43546 | CRITICAL | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER M | EPSS 1.5%
CVE-2020-15228 | LOW | Environment Variable Injection in GitHub Actions | EPSS 1.5%
CVE-2022-20797 | MEDIUM | Cisco Secure Network Analytics Remote Code Execution Vulnerability | EPSS 1.5%
CVE-2025-0938 | MEDIUM | URL parser allowed square brackets in domain names | EPSS 1.5%
CVE-2017-12173 | MEDIUM | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and w | EPSS 1.5%
CVE-2024-23263 | HIGH | A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS | EPSS 1.5%
CVE-2023-24856 | HIGH | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | EPSS 1.5%
CVE-2014-125119 | HIGH | WinRAR < 5.00 Filename Spoofing RCE | EPSS 1.5%
CVE-2019-1789 | HIGH | ClamAV Denial of Service Vulnerability | EPSS 1.5%
CVE-2026-4342 | HIGH | ingress-nginx comment-based nginx configuration injection | EPSS 1.5%
CVE-2019-1909 | MEDIUM | Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability | EPSS 1.5%
CVE-2019-12701 | MEDIUM | Cisco Firepower Management Center Software File and Malware Policy Bypass Vulnerability | EPSS 1.5%
CVE-2022-47185 | HIGH | Apache Traffic Server: Invalid Range header causes a crash | EPSS 1.5%
CVE-2019-1786 | HIGH | Clam AntiVirus PDF Out-of-Bounds Read Vulnerability | EPSS 1.5%
CVE-2008-2173 | HIGH | Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE me | EPSS 1.5%
CVE-2022-43439 | CRITICAL | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0 | EPSS 1.5%