Weaknesses of type CWE-20

4,753 results
CVE-2026-23841CRITICALMovary vulnerable to Cross-site Scripting with `?categoryCreated=` paramEPSS 0.2%CVE-2026-24856HIGHiccDEV has UB runtime error in <icTagTypeSignature>EPSS 0.2%CVE-2026-22204MEDIUMwpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() RecipientEPSS 0.2%CVE-2025-46266MEDIUMUnauthenticated Transmission of Data in NomadBranch.exeEPSS 0.2%CVE-2026-11239HIGHInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2026-45393HIGHLocal privilege escalation to SYSTEM in Cribl Edge for WindowsEPSS 0.2%CVE-2026-0406MEDIUMInsufficient input validation in NETGEAR Nighthawk router XR1000v2EPSS 0.2%CVE-2026-11151HIGHInsufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had comEPSS 0.2%CVE-2026-11149HIGHInsufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromisEPSS 0.2%CVE-2021-25509MEDIUMA missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the WiEPSS 0.2%CVE-2023-27519MEDIUMImproper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalationEPSS 0.2%CVE-2025-12131MEDIUMTruncated 802.15.4 packet leads to denial of serviceEPSS 0.2%CVE-2025-15222LOWDromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserializationEPSS 0.2%CVE-2025-24510HIGHA vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnetEPSS 0.2%CVE-2026-7905HIGHInsufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had comEPSS 0.2%CVE-2026-7916HIGHInsufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renEPSS 0.2%CVE-2023-20960HIGHIn launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper inpuEPSS 0.2%CVE-2023-6381LOWImproper input validation in Newsletter Software SuperMailerEPSS 0.2%CVE-2024-23678HIGHDeserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk PartitionEPSS 0.2%CVE-2025-14606LOWtiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserializationEPSS 0.2%