Fallos del tipo CWE-20

4736 resultados
CVE-2026-33287HIGHLiquidJS has Exponential Memory Amplification through its replace_first Filter $& PatternEPSS 0.5%CVE-2025-1113MEDIUMtaisan tarzan-cms Add Theme admin#themes upload deserializationEPSS 0.5%CVE-2025-9287CRITICALMissing type checks leading to hash rewind and passing on crafted dataEPSS 0.5%CVE-2025-15566HIGHingress-nginx auth-proxy-set-headers nginx configuration injectionEPSS 0.5%CVE-2020-3206MEDIUMCisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service VulnerabilityEPSS 0.5%CVE-2024-37917HIGHPexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a EPSS 0.5%CVE-2023-4550HIGHUnauthenticated Arbitrary File ReadEPSS 0.5%CVE-2023-29456MEDIUMInefficient URL schema validationEPSS 0.5%CVE-2021-33155MEDIUMImproper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 mayEPSS 0.5%CVE-2024-37794HIGHImproper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.EPSS 0.5%CVE-2025-27494CRITICALA vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < VEPSS 0.5%CVE-2025-6709HIGHPre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC AuthenticationEPSS 0.5%CVE-2021-0267HIGHJunos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core.EPSS 0.5%CVE-2024-50343LOWIncorrect response from Validator when input ends with `\n` in symfony/validatorEPSS 0.5%CVE-2025-21370HIGHWindows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2024-25656MEDIUMImproper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer PremisEPSS 0.5%CVE-2023-23409MEDIUMClient Server Run-Time Subsystem (CSRSS) Information Disclosure VulnerabilityEPSS 0.5%CVE-2025-66921HIGHA Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inEPSS 0.5%CVE-2025-66923HIGHA Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to injecEPSS 0.5%CVE-2023-32463LOW Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticateEPSS 0.5%