Weaknesses of type CWE-20

4,753 results
CVE-2025-61652LOWAction API discussiontoolspageinfo does not check for authorizeRead for the pageEPSS 0.3%CVE-2026-14055CRITICALInsufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who EPSS 0.3%CVE-2026-14078HIGHInsufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege EPSS 0.3%CVE-2026-44425MEDIUMShellHub: Crash-DoS via field injection in filter and sort-by parametersEPSS 0.3%CVE-2026-14106CRITICALInsufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compEPSS 0.3%CVE-2026-11066CRITICALInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially performEPSS 0.3%CVE-2024-3938MEDIUMThe "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it caEPSS 0.3%CVE-2026-0051MEDIUMIn multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This EPSS 0.3%CVE-2025-13826HIGHIncorrect input validation on the Zervit portable HTTP/Web serverEPSS 0.3%CVE-2026-13603CRITICALSSRF with API key leak in pretix-oppwaEPSS 0.3%CVE-2026-14411CRITICALInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially performEPSS 0.3%CVE-2021-35531Remote Code Execution in TXpert Hub CoreTec 4EPSS 0.3%CVE-2026-14009HIGHInappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corrEPSS 0.3%CVE-2026-4451HIGHInsufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromiEPSS 0.3%CVE-2025-53075MEDIUMImproper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.EPSS 0.3%CVE-2026-11659CRITICALInteger overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape vEPSS 0.3%CVE-2026-20256MEDIUMImproper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk EnterpriseEPSS 0.3%CVE-2026-29135MEDIUMWebmail Password Tag Sanitization BypassEPSS 0.3%CVE-2023-45167MEDIUMIBM AIX denial of serviceEPSS 0.3%CVE-2024-36284MEDIUMImproper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enaEPSS 0.3%