Weaknesses of type CWE-20

4,753 results
CVE-2025-32067MEDIUMi18n XSS vulnerability in message growthexperimentsEPSS 0.2%CVE-2023-22662MEDIUMImproper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user tEPSS 0.2%CVE-2026-54299HIGHAstro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)EPSS 0.2%CVE-2025-32071MEDIUMWikibase CommonsInlineImageFormatter: i18n XSSEPSS 0.2%CVE-2025-32069MEDIUMWikitext stored XSS on filepages due to dangerous WBMI serializationEPSS 0.2%CVE-2026-22567HIGHZIA Admin UI Input Validation BugEPSS 0.2%CVE-2026-33284LOWGlobalLeaks has insufficient URL validation in user support APIEPSS 0.2%CVE-2025-32070MEDIUMXSSes in AJAXPollEPSS 0.2%CVE-2025-32073MEDIUMSystem message XSS in HTMLTagsEPSS 0.2%CVE-2026-8528MEDIUMInsufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had comprEPSS 0.2%CVE-2024-22390MEDIUMImproper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.EPSS 0.2%CVE-2025-54368MEDIUMuv is vulnerable to ZIP payload obfuscation through parsing differentialsEPSS 0.2%CVE-2026-11213CRITICALInsufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromEPSS 0.2%CVE-2023-42977HIGHA path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be abEPSS 0.2%CVE-2026-21272HIGHDreamweaver Desktop | Improper Input Validation (CWE-20)EPSS 0.2%CVE-2022-48189MEDIUMAn SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privEPSS 0.2%CVE-2026-8538MEDIUMInsufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2025-31966LOWBoolean-Based SQL Injection in Multiple Unica ComponentsEPSS 0.2%CVE-2026-11237HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2025-52451HIGHImproper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modEPSS 0.2%