Fallos del tipo CWE-20

4735 resultados
CVE-2024-37777HIGHO2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.EPSS 0.5%CVE-2024-45236HIGHAn issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync oEPSS 0.5%CVE-2025-1734MEDIUMStreams HTTP wrapper does not fail for headers with invalid name and no colonEPSS 0.5%CVE-2024-4003MEDIUMEssential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.5%CVE-2020-26193HIGHDell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilEPSS 0.5%CVE-2022-37395HIGHA Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected prodEPSS 0.5%CVE-2026-2391MEDIUMqs's arrayLimit bypass in comma parsing allows denial of serviceEPSS 0.5%CVE-2023-29454MEDIUMPersistent XSS in the user formEPSS 0.5%CVE-2022-39376LOWImproper input validation on emails links in GLPIEPSS 0.5%CVE-2026-33936MEDIUMpython-ecdsa: Denial of Service via improper DER length validation in crafted private keysEPSS 0.5%CVE-2022-34885HIGHAn improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbEPSS 0.5%CVE-2022-23814MEDIUMFailure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confideEPSS 0.5%CVE-2025-66918HIGHedoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.EPSS 0.5%CVE-2025-47281HIGHKyverno's Improper JMESPath Variable Evaluation Leads to Denial of ServiceEPSS 0.5%CVE-2024-9348HIGHDocker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build viewEPSS 0.5%CVE-2022-48356The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause fEPSS 0.5%CVE-2026-25514HIGHFacturaScripts has SQL Injection vulnerability in Autocomplete ActionsEPSS 0.5%CVE-2026-25513HIGHFacturaScripts has SQL Injection vulnerability in API ORDER BY ClauseEPSS 0.5%CVE-2025-3413MEDIUMopplus springboot-admin SysGeneratorController.java code deserializationEPSS 0.5%CVE-2026-7195HIGHCWE-20: Improper Input Validation in web services in Progress SitefinityEPSS 0.5%