Weaknesses of type CWE-20

4,753 results
CVE-2026-9210MEDIUMCertain NETGEAR routers allow authenticated administrators to gain unintended control of the routerEPSS 0.2%CVE-2025-43299MEDIUMA denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOSEPSS 0.2%CVE-2026-11207CRITICALInsufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perfEPSS 0.2%CVE-2026-7968LOWInsufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2026-44337MEDIUMPraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queriesEPSS 0.2%CVE-2024-21949MEDIUMImproper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading toEPSS 0.2%CVE-2026-11112CRITICALInsufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had EPSS 0.2%CVE-2026-11070CRITICALInsufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who haEPSS 0.2%CVE-2026-7966LOWInsufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had comproEPSS 0.2%CVE-2026-11198CRITICALInsufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perforEPSS 0.2%CVE-2026-11079HIGHInsufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of EPSS 0.2%CVE-2023-42776LOWImproper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potenEPSS 0.2%CVE-2025-0178MEDIUMWatchGaurd Firebox Host Header Injection VulnerabilityEPSS 0.2%CVE-2026-56325LOWCapgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain LookupEPSS 0.2%CVE-2026-31805MEDIUMDiscourse has a poll authorization bypass via post_id array parameterEPSS 0.2%CVE-2025-31259HIGHA privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS EPSS 0.2%CVE-2025-12741HIGHArbitrary File Write in Denodo dialect of Looker allows Remote Code ExecutionEPSS 0.2%CVE-2025-12740HIGHRemote Command Execution in Looker via IBM DB2 JDBC driveEPSS 0.2%CVE-2025-61084HIGHMDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. EPSS 0.2%CVE-2023-2264MEDIUMImproper input validition could lead to code injectionEPSS 0.2%