Falhas do tipo CWE-20
4.753 resultadosCVE-2026-9210MEDIUMCertain NETGEAR routers allow authenticated administrators to gain unintended control of the routerEPSS 0.2%CVE-2026-44337MEDIUMPraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queriesEPSS 0.2%CVE-2026-11112CRITICALInsufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had EPSS 0.2%CVE-2023-42776LOWImproper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potenEPSS 0.2%CVE-2024-21949MEDIUMImproper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading toEPSS 0.2%CVE-2026-31805MEDIUMDiscourse has a poll authorization bypass via post_id array parameterEPSS 0.2%CVE-2023-2264MEDIUMImproper input validition could lead to code injectionEPSS 0.2%CVE-2025-31259HIGHA privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS EPSS 0.2%CVE-2025-61084HIGHMDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. EPSS 0.2%CVE-2025-12740HIGHRemote Command Execution in Looker via IBM DB2 JDBC driveEPSS 0.2%CVE-2025-12741HIGHArbitrary File Write in Denodo dialect of Looker allows Remote Code ExecutionEPSS 0.2%CVE-2026-56325LOWCapgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain LookupEPSS 0.2%CVE-2025-0178MEDIUMWatchGaurd Firebox Host Header Injection VulnerabilityEPSS 0.2%CVE-2025-64747MEDIUMDirectus Vulnerable to Stored Cross-site ScriptingEPSS 0.2%CVE-2022-33709—Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch aEPSS 0.2%CVE-2026-28852MEDIUMA stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4EPSS 0.2%CVE-2021-1519MEDIUMCisco AnyConnect Secure Mobility Client Profile Modification VulnerabilityEPSS 0.2%CVE-2022-33708—Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch aEPSS 0.2%CVE-2024-56437MEDIUMVulnerability of input parameters not being verified in the widget framework module
Impact: Successful exploitation of this vulnerability maEPSS 0.2%CVE-2025-46340HIGHMisskey CSS Style Injection Vulnerability In `MkUrlPreview`EPSS 0.2%