Weaknesses of type CWE-20
4,753 resultsCVE-2025-27537MEDIUMImproper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an autheEPSS 0.2%CVE-2026-11682HIGHInappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the reEPSS 0.2%CVE-2023-31008HIGHNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vuEPSS 0.2%CVE-2023-22379MEDIUMImproper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information dEPSS 0.2%CVE-2022-4574MEDIUM
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated prEPSS 0.2%CVE-2026-36175MEDIUMAn issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access viaEPSS 0.2%CVE-2026-7931MEDIUMInsufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoEPSS 0.2%CVE-2026-8007HIGHInsufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2026-14089MEDIUMInsufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromEPSS 0.2%CVE-2023-21501HIGHImproper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitraryEPSS 0.2%CVE-2023-2961LOWA segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.EPSS 0.2%CVE-2026-14020MEDIUMInsufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2026-7998MEDIUMInsufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised tEPSS 0.2%CVE-2026-5919MEDIUMInsufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromisEPSS 0.2%CVE-2026-15122HIGHInsufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had cEPSS 0.2%CVE-2026-21690MEDIUMiccDEV has Type Confusion in CIccTagXmlTagData::ToXml()EPSS 0.2%CVE-2026-11199MEDIUMInappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak EPSS 0.2%CVE-2026-49214MEDIUMguzzlehttp/psr7 has CRLF Injection via URI Host ComponentEPSS 0.2%CVE-2024-27378MEDIUMAn issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_EPSS 0.2%CVE-2022-4573MEDIUM
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privilegEPSS 0.2%