Weaknesses of type CWE-20

4,583 results
CVE-2021-33527 | CRITICAL | OS Command Injection in mbDIALUP <= 3.9R0.0 | EPSS 4.5%
CVE-2023-34448 | HIGH | Grav Server-side Template Injection (SSTI) via Twig Default Filters | EPSS 4.5%
CVE-2022-2856 | MEDIUM | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbit | EPSS 4.5% | KEV
CVE-2024-31449 | HIGH | Lua library commands may lead to stack overflow and RCE in Redis | EPSS 4.5%
CVE-2021-38000 | MEDIUM | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitra | EPSS 4.5% | KEV
CVE-2018-0378 | HIGH | Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability | EPSS 4.5%
CVE-2018-14630 | HIGH | moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. | EPSS 4.4%
CVE-2024-45431 | MEDIUM | OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. T | EPSS 4.4%
CVE-2019-1823 | HIGH | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities | EPSS 4.4%
CVE-2019-1822 | HIGH | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities | EPSS 4.4%
CVE-2016-9579 | MEDIUM | A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a buc | EPSS 4.4%
CVE-2021-1138 | CRITICAL | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities | EPSS 4.4%
CVE-2021-1140 | CRITICAL | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities | EPSS 4.4%
CVE-2018-15454 | HIGH | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability | EPSS 4.4%
CVE-2019-1861 | HIGH | Cisco Industrial Network Director Remote Code Execution Vulnerability | EPSS 4.4%
CVE-2022-3140 | Macro URL arbitrary script execution | EPSS 4.4%
CVE-2021-1142 | CRITICAL | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities | EPSS 4.3%
CVE-2016-8625 | MEDIUM | curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and | EPSS 4.3%
CVE-2023-26405 | HIGH | ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass | EPSS 4.3%
CVE-2023-26407 | HIGH | ZDI-CAN-20712: Net.HTTP.request Arbitrary Command Execution | EPSS 4.3%