Weaknesses of type CWE-20

4,758 results
CVE-2023-29495HIGHImproper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalatioEPSS 0.2%CVE-2024-33659MEDIUMBiosGuard Buffer Overflow and TOCTOU VulnerabilityEPSS 0.2%CVE-2026-21487MEDIUMiccDEV has Out-of-bounds Read, Use of Out-of-range Pointer Offset and Improper Input ValidationEPSS 0.2%CVE-2025-11143LOWThe Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs EPSS 0.2%CVE-2026-11273MEDIUMInsufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a userEPSS 0.2%CVE-2025-55301MEDIUMThe Scratch Channel Allows Username ModificationEPSS 0.2%CVE-2026-1225LOWMalicious logback.xml configuration file allows instantiation of arbitrary classesEPSS 0.2%CVE-2023-30559MEDIUMWireless Card Firmware Improperly SignedEPSS 0.2%CVE-2025-46836MEDIUMnet-tools Stack-based Buffer Overflow vulnerabilityEPSS 0.2%CVE-2023-31339MEDIUMImproper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform EPSS 0.2%CVE-2024-52880HIGHAn issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before versioEPSS 0.2%CVE-2024-37027MEDIUMImproper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentiallEPSS 0.2%CVE-2026-35380MEDIUMuutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter ParsingEPSS 0.2%CVE-2024-8518LOWCWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted proEPSS 0.2%CVE-2026-44658LOWZen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab CreationEPSS 0.2%CVE-2023-24465MEDIUMCommunication Wi-Fi  subsystem has a null pointer reference vulnerability when receving external data.EPSS 0.2%CVE-2026-43895MEDIUMjq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifactsEPSS 0.2%CVE-2025-68134HIGHEVerest's use of assert functions can potentially lead to denial of serviceEPSS 0.2%CVE-2026-21503MEDIUMiccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArrayEPSS 0.2%CVE-2026-13434MEDIUMVirt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabledEPSS 0.2%