Weaknesses of type CWE-20

4,757 results
CVE-2025-52620MEDIUMHCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-3677MEDIUMlm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserializationEPSS 0.2%CVE-2024-40458HIGHAn issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.EPSS 0.2%CVE-2023-26587HIGHImproper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation oEPSS 0.2%CVE-2023-21498MEDIUMImproper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to oEPSS 0.2%CVE-2024-52051HIGHA vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17EPSS 0.2%CVE-2024-21863MEDIUMDsoftbus has an improper input validation vulnerabilityEPSS 0.2%CVE-2023-33014HIGHImproper Input Validation in ServicesEPSS 0.2%CVE-2022-34657MEDIUMImproper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enablEPSS 0.2%CVE-2024-33611MEDIUMImproper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to poEPSS 0.2%CVE-2026-44379MEDIUMMISP: Improper UUID validation in MISP CollectionsEPSS 0.2%CVE-2026-0903MEDIUMInappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous fEPSS 0.2%CVE-2025-12908MEDIUMInsufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perfEPSS 0.2%CVE-2026-11701MEDIUMInappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a cEPSS 0.2%CVE-2026-53537LOWPython-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parametersEPSS 0.2%CVE-2021-25413Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to acEPSS 0.2%CVE-2022-28126MEDIUMImproper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to poEPSS 0.2%CVE-2026-51598MEDIUMAn input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticateEPSS 0.2%CVE-2023-34086HIGHImproper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via lEPSS 0.2%CVE-2026-28421MEDIUMVim has a heap-buffer-overflow and a segmentation faultEPSS 0.2%