Falhas do tipo CWE-20
4.749 resultadosCVE-2026-21682HIGHiccDEV has heap-buffer-overflow in CIccXmlArrayType::ParseText()EPSS 0.3%CVE-2026-45492MEDIUMMicrosoft Edge (Chromium-based) Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2026-13806HIGHInsufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had comproEPSS 0.3%CVE-2026-42553HIGHCinny: Access token disclosure via invalidated emoji pack avatar URL in service workerEPSS 0.3%CVE-2021-1448HIGHCisco Firepower Threat Defense Software Command Injection VulnerabilityEPSS 0.3%CVE-2021-45916LOWSUN & MOON RISE CO., LTD. Shockwall - Improper Input ValidationEPSS 0.3%CVE-2024-20034HIGHIn battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege withEPSS 0.3%CVE-2026-21688HIGHiccDEV has Type Confusion in SIccCalcOp::ArgsPushed() at IccProfLib/IccMpeCalc.cppEPSS 0.3%CVE-2026-13891HIGHInsufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromisEPSS 0.3%CVE-2025-43533MEDIUMThe issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS SeEPSS 0.3%CVE-2026-24811CRITICALAn improper pointer arithmetic in root-project/root at builtins/zlib/inffast.cEPSS 0.3%CVE-2026-11047CRITICALInappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the reEPSS 0.3%CVE-2021-0156HIGHImproper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation oEPSS 0.3%CVE-2025-3162MEDIUMInternLM LMDeploy PT File utils.py load_weight_ckpt deserializationEPSS 0.3%CVE-2023-22329LOWImproper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of EPSS 0.3%CVE-2024-28028HIGHImproper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially eEPSS 0.3%CVE-2026-23489CRITICALFields GLPI plugin vulnerable to RCE in dropdown generationEPSS 0.3%CVE-2025-0660MEDIUMStored XSS in Folder Function by Rogue AdminEPSS 0.3%CVE-2026-10966CRITICALInappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox esEPSS 0.3%CVE-2026-3641MEDIUMAppmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook EndpointEPSS 0.3%