Fallos del tipo CWE-20

4753 resultados
CVE-2026-54299HIGHAstro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)EPSS 0.2%CVE-2026-33284LOWGlobalLeaks has insufficient URL validation in user support APIEPSS 0.2%CVE-2025-54368MEDIUMuv is vulnerable to ZIP payload obfuscation through parsing differentialsEPSS 0.2%CVE-2025-32071MEDIUMWikibase CommonsInlineImageFormatter: i18n XSSEPSS 0.2%CVE-2024-22390MEDIUMImproper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.EPSS 0.2%CVE-2026-8528MEDIUMInsufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had comprEPSS 0.2%CVE-2025-32067MEDIUMi18n XSS vulnerability in message growthexperimentsEPSS 0.2%CVE-2026-8538MEDIUMInsufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2022-48189MEDIUMAn SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privEPSS 0.2%CVE-2024-31153MEDIUMImproper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentiaEPSS 0.2%CVE-2023-42977HIGHA path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be abEPSS 0.2%CVE-2026-11213CRITICALInsufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromEPSS 0.2%CVE-2026-21272HIGHDreamweaver Desktop | Improper Input Validation (CWE-20)EPSS 0.2%CVE-2023-38719MEDIUMIBM Db2 denial of serviceEPSS 0.2%CVE-2025-52451HIGHImproper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modEPSS 0.2%CVE-2026-11237HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2025-31966LOWBoolean-Based SQL Injection in Multiple Unica ComponentsEPSS 0.2%CVE-2026-13990MEDIUMInsufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who EPSS 0.2%CVE-2026-20685MEDIUMAn attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved vaEPSS 0.2%CVE-2026-5915HIGHInsufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bEPSS 0.2%