Weaknesses of type CWE-20
4,754 resultsCVE-2026-49214MEDIUMguzzlehttp/psr7 has CRLF Injection via URI Host ComponentEPSS 0.2%CVE-2022-4573MEDIUM
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privilegEPSS 0.2%CVE-2024-27378MEDIUMAn issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_EPSS 0.2%CVE-2026-4438MEDIUMgethostbyaddr and gethostbyaddr_r return invalid DNS hostnamesEPSS 0.2%CVE-2023-40394LOWThe issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be abEPSS 0.2%CVE-2025-5173MEDIUMHumanSignal label-studio-ml-backend PT File neural_nets.py load deserializationEPSS 0.2%CVE-2025-35990HIGHImproper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User ApplicationsEPSS 0.2%CVE-2025-30442HIGHThe issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7EPSS 0.2%CVE-2023-44110—Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.EPSS 0.2%CVE-2026-5887MEDIUMInsufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypaEPSS 0.2%CVE-2022-30542HIGHImproper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System EPSS 0.2%CVE-2022-42477MEDIUMAn improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may EPSS 0.2%CVE-2024-21871HIGHImproper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privEPSS 0.2%CVE-2026-14137MEDIUMInsufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who coEPSS 0.2%CVE-2024-0127HIGHNVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of thEPSS 0.2%CVE-2026-7993MEDIUMInsufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had EPSS 0.2%CVE-2026-11251LOWInsufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2026-11240LOWInsufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised tEPSS 0.2%CVE-2025-54564HIGHuploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution EPSS 0.2%CVE-2026-7947MEDIUMInsufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised EPSS 0.2%