Falhas do tipo CWE-20

4.751 resultados
CVE-2021-25441Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applicatiEPSS 0.2%CVE-2026-12009HIGHInsufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who haEPSS 0.2%CVE-2026-45137HIGHAnchor: Program<'info, System> is not properly validatedEPSS 0.2%CVE-2026-23887MEDIUMGroup-Office has stored XSS vulnerability via unsanitized filenamesEPSS 0.2%CVE-2026-3620MEDIUMWord Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' ParameterEPSS 0.2%CVE-2021-4211MEDIUMA potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdEPSS 0.2%CVE-2021-4210MEDIUMA potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models maEPSS 0.2%CVE-2024-28976HIGHDell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privilegeEPSS 0.2%CVE-2022-31607HIGHNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilitieEPSS 0.2%CVE-2025-55006MEDIUMFrappe Learning Holds Potential for Malicious SVG Upload in Image Upload FeatureEPSS 0.2%CVE-2026-20255MEDIUMImproper Input Validation through Classic Dashboards in Splunk EnterpriseEPSS 0.2%CVE-2021-4212MEDIUMA potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacEPSS 0.2%CVE-2025-12944MEDIUMImproper input validation in NETGEAR DGN2200v4EPSS 0.2%CVE-2026-14066MEDIUMInsufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypEPSS 0.2%CVE-2026-34086LOWAbuseFilter misuses ::userCanBitfield, exposing access-controlled informationEPSS 0.2%CVE-2021-26321Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.EPSS 0.2%CVE-2023-24579HIGHMcAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.EPSS 0.2%CVE-2026-7345HIGHInsufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromiseEPSS 0.2%CVE-2022-22287LOWAbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.EPSS 0.2%CVE-2026-11105MEDIUMInsufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%