Falhas do tipo CWE-20

4.752 resultados
CVE-2023-35136MEDIUMAn improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX serEPSS 0.2%CVE-2026-11105MEDIUMInsufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2026-7345HIGHInsufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromiseEPSS 0.2%CVE-2021-3719MEDIUMA potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some EPSS 0.2%CVE-2026-21686HIGHiccDEV has Undefined Behavior in CIccTagLutAtoB::Validate()EPSS 0.2%CVE-2023-20528LOWInsufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leadinEPSS 0.2%CVE-2026-21691MEDIUMiccDEV has Type Confusion in CIccTag:IsTypeCompressed()EPSS 0.2%CVE-2026-39417MEDIUMMaxKB: RCE via MCP stdio command injection in workflow engineEPSS 0.2%CVE-2026-7915MEDIUMInsufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation rEPSS 0.2%CVE-2026-8735MEDIUMOinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserializationEPSS 0.2%CVE-2026-34066MEDIUMnimiq-blockchain: Peer-triggerable panic during history syncEPSS 0.2%CVE-2026-12787MEDIUMzhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserializationEPSS 0.2%CVE-2026-13917MEDIUMInsufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who coEPSS 0.2%CVE-2026-12465HIGHObject lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer procesEPSS 0.2%CVE-2026-3967MEDIUMAlfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserializationEPSS 0.2%CVE-2026-11235HIGHInsufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renEPSS 0.2%CVE-2026-33729MEDIUMOpenFGA has an Authorization Bypass through cached keysEPSS 0.2%CVE-2026-14115HIGHInsufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2024-5681HIGHCWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kerneEPSS 0.2%CVE-2026-27818HIGHTerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlistEPSS 0.2%