Weaknesses of type CWE-20

4,743 results
CVE-2021-25682HIGHapport improperly parses /proc/pid/statusEPSS 0.5%CVE-2024-1246LOWConcrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import FeatureEPSS 0.5%CVE-2021-0214MEDIUMJunos OS: Denial of Service in ppmd upon receipt of malformed packetEPSS 0.5%CVE-2026-48204CRITICALApache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configurationEPSS 0.5%CVE-2021-39261MEDIUMA crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.EPSS 0.5%CVE-2023-20134MEDIUMCisco Webex Meetings Web UI VulnerabilitiesEPSS 0.5%CVE-2023-34983MEDIUMImproper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthEPSS 0.5%CVE-2019-15971MEDIUMCisco Email Security Appliance MP3 Content Filter Bypass VulnerabilityEPSS 0.5%CVE-2026-46453MEDIUMApache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operationEPSS 0.5%CVE-2025-27023MEDIUMImproper Input Validation in Infinera G42EPSS 0.5%CVE-2024-32646MEDIUMvyper performs double eval of the slice args when buffer from adhoc locationsEPSS 0.5%CVE-2025-3250MEDIUMelunez eladmin Maintenance Management Module testConnect deserializationEPSS 0.5%CVE-2024-32645MEDIUMvyper performs incorrect topic logging in raw_logEPSS 0.5%CVE-2022-41908MEDIUM`CHECK` fail via inputs in `PyFunc` in TensorflowEPSS 0.4%CVE-2025-48944MEDIUMvLLM Tool Schema allows DoS via Malformed pattern and type FieldsEPSS 0.4%CVE-2026-13794HIGHInsufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker whEPSS 0.4%CVE-2023-4586HIGHHotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attackEPSS 0.4%CVE-2017-7517LOWAn input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespacesEPSS 0.4%CVE-2025-34157CRITICALCoolify Stored Cross-Site Scripting (XSS) in Project Name FieldEPSS 0.4%CVE-2025-61582HIGHTs3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode inputEPSS 0.4%