Falhas do tipo CWE-20

4.751 resultados
CVE-2026-44811HIGHWindows DWM Core Library Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2024-21975HIGHImproper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary cEPSS 0.3%CVE-2022-26862MEDIUMPrior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vuEPSS 0.3%CVE-2026-21683HIGHiccDEV has Type Confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile()EPSS 0.3%CVE-2022-26864MEDIUMPrior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vuEPSS 0.3%CVE-2026-1782MEDIUMMetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation'EPSS 0.3%CVE-2025-24255HIGHA file access issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS VentEPSS 0.3%CVE-2021-0176MEDIUMImproper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in WinEPSS 0.3%CVE-2022-26863MEDIUMPrior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vuEPSS 0.3%CVE-2026-12246HIGHOut of bounds stack write with crafted APL RREPSS 0.3%CVE-2026-13961MEDIUMInsufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convEPSS 0.3%CVE-2026-13877MEDIUMInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2026-23839CRITICALMovary vulnerable to Cross-site Scripting with `?categoryUpdated=` paramEPSS 0.3%CVE-2026-27607HIGHRustFS's Missing Post Policy Validation leads to Arbitrary Object WriteEPSS 0.3%CVE-2025-5174MEDIUMerdogant pypickle pypickle.py load deserializationEPSS 0.3%CVE-2026-25723HIGHClaude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write RestrictionsEPSS 0.3%CVE-2026-5659MEDIUMpytries datrie trie File datrie.pyx Trie.__setstate__ deserializationEPSS 0.3%CVE-2026-11255HIGHInsufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had cEPSS 0.3%CVE-2021-0076MEDIUMImproper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operatiEPSS 0.3%CVE-2022-28190MEDIUMNVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where imprEPSS 0.3%