Weaknesses of type CWE-176
26 resultsCVE-2024-24691CRITICALZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input ValidationEPSS 1.7%CVE-2023-39213CRITICALImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticateEPSS 1.3%CVE-2024-47611MEDIUMXZ Utils on Microsoft Windows platform are vulnerable to argument injectionEPSS 0.7%CVE-2024-43093HIGHIn shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitEPSS 0.7%KEVCVE-2006-10002CRITICALXML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashesEPSS 0.6%CVE-2026-4114MEDIUMImproper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP aEPSS 0.6%CVE-2023-41889MEDIUMLate-Unicode normalization vulnerability in SHIRASAGIEPSS 0.6%CVE-2026-45062HIGHFrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP FilesEPSS 0.6%CVE-2023-52081MEDIUMewen-lbh/ffcss late-Unicode normalization vulnerabilityEPSS 0.5%CVE-2020-8929MEDIUMCiphertext integrity weakness in TinkEPSS 0.5%CVE-2026-7040HIGHText::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 charactersEPSS 0.4%CVE-2026-4116HIGHImproper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/CEPSS 0.4%CVE-2026-25480MEDIUMFileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)EPSS 0.4%CVE-2025-71316CRITICALSQLite sqldiff remote code execution via argument injectionEPSS 0.4%CVE-2023-31169MEDIUMImproper Handling of Unicode EncodingEPSS 0.4%CVE-2026-44288MEDIUMprotobufjs: Overlong UTF-8 decodingEPSS 0.3%CVE-2017-20190—Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiEPSS 0.3%CVE-2025-59547MEDIUMDNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscationEPSS 0.2%CVE-2026-20202MEDIUMImproper Input Validation during User Account Creation in Splunk EnterpriseEPSS 0.2%CVE-2025-55129MEDIUMHackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonatioEPSS 0.2%