Fallos del tipo CWE-20

4736 resultados
CVE-2025-50492HIGHImproper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execEPSS 0.4%CVE-2023-38417MEDIUMImproper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentiaEPSS 0.4%CVE-2020-3577HIGHCisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service VulnerabilityEPSS 0.4%CVE-2016-2781MEDIUMchroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, whiEPSS 0.4%CVE-2025-9014MEDIUMNull Pointer Dereference Vulnerability on TL-WR841NEPSS 0.4%CVE-2017-12336A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the intEPSS 0.4%CVE-2023-6738MEDIUMPageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fieldsEPSS 0.4%CVE-2024-1854MEDIUMEssential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2026-4860MEDIUM648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserializationEPSS 0.4%CVE-2021-39252MEDIUMA crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.EPSS 0.4%CVE-2024-52982HIGHAnimate | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2025-5114MEDIUMeasysoft zentaopms Editor index.php edit deserializationEPSS 0.4%CVE-2025-1385HIGHFail input validation in clickhouse-library-bridge API could lead to RCE under specific configurationEPSS 0.4%CVE-2024-27241MEDIUMZoom Apps and SDKs - Improper Input ValidationEPSS 0.4%CVE-2019-12694MEDIUMCisco Firepower Threat Defense Software Command Injection VulnerabilityEPSS 0.4%CVE-2021-33287MEDIUMIn NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow cEPSS 0.4%CVE-2024-45871MEDIUMBandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS).EPSS 0.4%CVE-2017-12255A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerabilitEPSS 0.4%CVE-2024-47934MEDIUMTXOne Networks Portable Inspector Management Program Improper Input Validation VulnerabilityEPSS 0.4%CVE-2022-40502HIGHImproper input validation in WLAN HostEPSS 0.4%