Fallos del tipo CWE-20

4748 resultados
CVE-2018-25160MEDIUMHTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backendEPSS 0.4%CVE-2025-50490HIGHImproper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attacEPSS 0.4%CVE-2025-54250MEDIUMAdobe Experience Manager | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2026-44319HIGHfree5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)EPSS 0.4%CVE-2024-7005HIGHInsufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced EPSS 0.4%CVE-2026-46726HIGHApache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headersEPSS 0.4%CVE-2023-6781MEDIUMOrbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fieldsEPSS 0.4%CVE-2026-39998MEDIUMApache APISIX: Identity Injection via forward-auth Plugin Missing Header CleanupEPSS 0.4%CVE-2026-55993HIGHApache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviourEPSS 0.4%CVE-2022-44756MEDIUMHCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validationEPSS 0.4%CVE-2025-20148HIGHCisco Secure Firewall Management Center HTML Injection VulnerabilityEPSS 0.4%CVE-2025-4905MEDIUMiop-apl-uw basestation3 QC.py load_qc_pickl deserializationEPSS 0.4%CVE-2026-9521MEDIUMfraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of inputEPSS 0.4%CVE-2025-11936MEDIUMPotential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHelloEPSS 0.4%CVE-2021-20194There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BEPSS 0.4%CVE-2026-42387MEDIUMInsufficient input validation in ZoneToCacheEPSS 0.4%CVE-2018-0211A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a deniEPSS 0.4%CVE-2026-42388MEDIUMMissing input validation for catalog zonesEPSS 0.4%CVE-2026-31799MEDIUMTautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parametersEPSS 0.4%CVE-2024-37346MEDIUMInsufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06EPSS 0.4%