CWE-20 vulnerabilities

4,713 results
CVE-2022-4032 (HIGH, EPSS 0.7%): Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer
CVE-2022-45088 (CRITICAL, EPSS 0.7%): Local File Inclusion in Smartpower Web
CVE-2020-7870 (MEDIUM, EPSS 0.7%): A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validati
CVE-2026-47430 (CRITICAL, EPSS 0.7%): Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews
CVE-2025-43253 (CRITICAL, EPSS 0.7%): This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may
CVE-2023-27586 (CRITICAL, EPSS 0.7%): CairoSVG improperly processes SVG files loaded from external resources
CVE-2023-50709 (MEDIUM, EPSS 0.7%): Denial of service attack on the cube-api endpoint
CVE-2024-20721 (MEDIUM, EPSS 0.7%): T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
CVE-2020-15197 (MEDIUM, EPSS 0.7%): Denial of Service in Tensorflow
CVE-2025-64990 (MEDIUM, EPSS 0.7%): Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
CVE-2024-21519 (MEDIUM, EPSS 0.7%): This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restor
CVE-2023-38495 (HIGH, EPSS 0.7%): Crossplane vulnerable to possible image tampering from missing image validation for Packages
CVE-2022-21197 (HIGH, EPSS 0.7%): Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of
CVE-2021-22538 (MEDIUM, EPSS 0.7%): Privilege escalation in RBAC system
CVE-2025-30293 (MEDIUM, EPSS 0.7%): ColdFusion | Improper Input Validation (CWE-20)
CVE-2024-25290 (HIGH, EPSS 0.7%): An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function.
CVE-2022-41606 (MEDIUM, EPSS 0.7%): HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can b
CVE-2023-40034 (HIGH, EPSS 0.7%): Repositoty takeover in woodpecker-ci
CVE-2023-50256 (HIGH, EPSS 0.7%): Froxlor username/surname AND company field Bypass
CVE-2022-4427 (MEDIUM, EPSS 0.7%): SQL Injection via OTRS Search API