Weaknesses of type CWE-20
4,753 resultsCVE-2017-2614MEDIUMWhen updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password ifEPSS 0.3%CVE-2024-38811HIGHCode-execution vulnerabilityEPSS 0.3%CVE-2026-11022MEDIUMInsufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromisedEPSS 0.3%CVE-2022-21933MEDIUMASUS VivoMini/Mini PC - improper input validationEPSS 0.3%CVE-2024-6254MEDIUMBrizy – Page Builder <= 2.5.1 - Cross-Site Request ForgeryEPSS 0.3%CVE-2026-41670HIGHAdmidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequestEPSS 0.3%CVE-2026-11016MEDIUMInsufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised EPSS 0.3%CVE-2026-10912MEDIUMInsufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromisEPSS 0.3%CVE-2021-1454MEDIUMCisco IOS XE SD-WAN Software Parameter Injection VulnerabilitiesEPSS 0.3%CVE-2023-42981MEDIUMProcessing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was adEPSS 0.3%CVE-2026-11086HIGHInappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer procEPSS 0.3%CVE-2026-14087HIGHHeap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer EPSS 0.3%CVE-2026-58292HIGHMicrosoft Edge (Chromium-based) Remote Code Execution VulnerabilityEPSS 0.3%CVE-2026-22700HIGHRustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKEEPSS 0.3%CVE-2025-66866MEDIUMAn issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafEPSS 0.3%CVE-2026-36501HIGHAn issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafEPSS 0.3%CVE-2025-64759HIGHHomarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG UploadEPSS 0.3%CVE-2026-49475HIGHFreeSWITCH: Out-of-bounds memory access in core STUN attribute parsingEPSS 0.3%CVE-2024-39606MEDIUMImproper input validation in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unEPSS 0.3%CVE-2025-59886HIGHImproper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access tEPSS 0.3%