Weaknesses of type CWE-20
4,753 resultsCVE-2026-48109HIGHMessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad inputEPSS 0.3%CVE-2026-28917MEDIUMThe issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOEPSS 0.3%CVE-2026-13889MEDIUMSide-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak crossEPSS 0.3%CVE-2023-1250HIGHCode execution through ACL creationEPSS 0.3%CVE-2022-2145MEDIUMCloudlfare WARP Arbitrary File OverwriteEPSS 0.3%CVE-2026-26953MEDIUMPi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions TableEPSS 0.3%CVE-2022-30713HIGHImproper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.EPSS 0.3%CVE-2025-40846HIGHHaloITSM open redirect via the returnUrlEPSS 0.3%CVE-2026-13893MEDIUMInsufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.3%CVE-2026-13777HIGHInsufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentiallyEPSS 0.3%CVE-2026-13797CRITICALInsufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromisEPSS 0.3%CVE-2024-27896HIGHInput verification vulnerability in the log module.
Impact: Successful exploitation of this vulnerability can affect integrity.EPSS 0.3%CVE-2026-30078HIGHOpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the mEPSS 0.3%CVE-2024-52592MEDIUMMissing validation allows spoofed poll updates in MisskeyEPSS 0.3%CVE-2020-35509MEDIUMA flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticatoEPSS 0.3%CVE-2025-15606HIGHDenial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961NEPSS 0.3%CVE-2026-0403LOWInsufficient input validation in NETGEAR Orbi routersEPSS 0.3%CVE-2026-9969HIGHInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary EPSS 0.3%CVE-2025-0658HIGHAutomated Logic and Carrier Zone Controllers malformed packets denial of serviceEPSS 0.3%CVE-2026-8527HIGHInsufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrEPSS 0.3%