Weaknesses of type CWE-20
4,749 resultsCVE-2023-1732MEDIUMImproper random reading in CIRCLEPSS 0.4%CVE-2026-28797HIGHRAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" ComponentEPSS 0.4%CVE-2021-25471LOWA lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile EPSS 0.4%CVE-2023-49610HIGHMachineSense FeverWarn Improper Input ValidationEPSS 0.4%CVE-2024-41849MEDIUMAdobe Experience Manager | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2026-49098MEDIUMApache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topicEPSS 0.4%CVE-2025-11135MEDIUMpmTicket Project-Management-Software Cookie class.database.php loadLanguage deserializationEPSS 0.4%CVE-2025-3116HIGHCWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends specialEPSS 0.4%CVE-2022-34758MEDIUMA CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had acEPSS 0.4%CVE-2026-14104HIGHInsufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arEPSS 0.4%CVE-2024-51392HIGHAn issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php componentEPSS 0.4%CVE-2024-37406HIGHIn Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domEPSS 0.4%CVE-2023-4553MEDIUMUnauthenticated Access to AppBuilder Configuration FilesEPSS 0.4%CVE-2023-4435HIGHImproper Input Validation in hamza417/inureEPSS 0.4%CVE-2024-20334MEDIUMA vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attaEPSS 0.4%CVE-2025-3622MEDIUMXorbits Inference model.py load deserializationEPSS 0.4%CVE-2026-28860HIGHThe issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOSEPSS 0.4%CVE-2025-59161LOWIn Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is leftEPSS 0.4%CVE-2025-34124HIGHHeroes of Might and Magic III .h3m Map File Buffer OverflowEPSS 0.4%CVE-2023-45745HIGHImproper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enablEPSS 0.4%