Fallos del tipo CWE-20

4743 resultados
CVE-2025-8708LOWAntabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserializationEPSS 0.4%CVE-2024-2513MEDIUMWP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image AttributeEPSS 0.4%CVE-2024-22271HIGHSpring Cloud Function Web DOS VulnerabilityEPSS 0.4%CVE-2025-6545CRITICALpbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.jsEPSS 0.4%CVE-2025-27388HIGHArbitrary URL Loading in WebView Leading to Token Leakage RiskEPSS 0.4%CVE-2025-26477MEDIUMDell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could poEPSS 0.4%CVE-2022-1798HIGHPath Traversal vulnerability in KubevirtEPSS 0.4%CVE-2025-58716HIGHWindows Speech Runtime Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-9467MEDIUMPossibility to bypass file upload validation on the server-sideEPSS 0.4%CVE-2023-47210MEDIUMImproper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user tEPSS 0.4%CVE-2026-22559HIGHAn Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is sociaEPSS 0.4%CVE-2024-2226MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-22235HIGHSpring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposedEPSS 0.4%CVE-2026-7803CRITICALFlow Validation Bypass via Empty Component Type FieldEPSS 0.4%CVE-2017-12286A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from EPSS 0.4%CVE-2025-26702MEDIUMImproper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.EPSS 0.4%CVE-2024-52593MEDIUMMissing validation allows spoofed "origin" links in MisskeyEPSS 0.4%CVE-2026-25722HIGHClaude Code Vulnerable to Command Injection via Directory Change Bypasses Write ProtectionEPSS 0.4%CVE-2025-31135MEDIUMGo-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple timesEPSS 0.4%CVE-2025-61235CRITICALAn issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields cEPSS 0.4%