Falhas do tipo CWE-20

4.738 resultados
CVE-2026-39998MEDIUMApache APISIX: Identity Injection via forward-auth Plugin Missing Header CleanupEPSS 0.4%CVE-2024-7005HIGHInsufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced EPSS 0.4%CVE-2025-20148HIGHCisco Secure Firewall Management Center HTML Injection VulnerabilityEPSS 0.4%CVE-2022-44756MEDIUMHCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validationEPSS 0.4%CVE-2026-9521MEDIUMfraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of inputEPSS 0.4%CVE-2025-4905MEDIUMiop-apl-uw basestation3 QC.py load_qc_pickl deserializationEPSS 0.4%CVE-2018-0211A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a deniEPSS 0.4%CVE-2026-42388MEDIUMMissing input validation for catalog zonesEPSS 0.4%CVE-2025-5878MEDIUMESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special elementEPSS 0.4%CVE-2025-11936MEDIUMPotential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHelloEPSS 0.4%CVE-2026-42387MEDIUMInsufficient input validation in ZoneToCacheEPSS 0.4%CVE-2024-1245LOWConcrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributesEPSS 0.4%CVE-2026-31799MEDIUMTautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parametersEPSS 0.4%CVE-2024-37346MEDIUMInsufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06EPSS 0.4%CVE-2021-20194There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BEPSS 0.4%CVE-2022-30784MEDIUMA crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.EPSS 0.4%CVE-2024-47866HIGHRGW DoS attack with empty HTTP header in S3 object copyEPSS 0.4%CVE-2026-45135HIGHCaddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP FilesEPSS 0.4%CVE-2022-46328HIGHSome smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.EPSS 0.4%CVE-2026-3294HIGHAuthentication Logic Vulnerability on Multiple TP-Link Range ExtendersEPSS 0.4%