Weaknesses of type CWE-20
4,746 resultsCVE-2025-5552MEDIUMChestnutCMS API Endpoint exec deserializationEPSS 0.4%CVE-2020-16127LOWaccountsservice .pam_environment infinite loopEPSS 0.4%CVE-2022-23425HIGHImproper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with EPSS 0.4%CVE-2023-42508MEDIUMJFrog Artifactory Improper header input validation leads to email manipulation sent from the platformEPSS 0.4%CVE-2023-2808MEDIUMLack of URL normalization allows rendering previews for disallowed domainsEPSS 0.4%CVE-2023-0869MEDIUMCross-site scripting in outage/list.htmEPSS 0.4%CVE-2023-50733HIGHA Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.EPSS 0.4%CVE-2024-36047CRITICALInfoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.EPSS 0.4%CVE-2024-25999HIGHPHOENIX CONTACT: Privilege escalation in the OCPP agent serviceEPSS 0.4%CVE-2026-27928HIGHWindows Hello Security Feature Bypass VulnerabilityEPSS 0.4%CVE-2022-43484HIGHTERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable EPSS 0.4%CVE-2023-32820HIGHIn wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with noEPSS 0.4%CVE-2026-34712HIGHCAI Content Credentials | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2021-29913MEDIUMIBM Security Verify Privilege improper input validationEPSS 0.4%CVE-2025-11958MEDIUMAn improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticatEPSS 0.4%CVE-2026-8759MEDIUMxiandafu beetl SpELFunction SpELFunction.java expression language injectionEPSS 0.4%CVE-2021-41133HIGHSandbox bypass via recent VFS-manipulating syscallsEPSS 0.4%CVE-2024-1471MEDIUMHTML Injection VulnerabilityEPSS 0.4%CVE-2023-0896HIGHA default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attackEPSS 0.4%CVE-2023-2267MEDIUMImproper input validation could lead to reflection injection attacksEPSS 0.4%