Fallos del tipo CWE-20
4737 resultadosCVE-2024-2867MEDIUMPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-71003HIGHAn input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via aEPSS 0.4%CVE-2023-5421LOW Possible XSS execution in customer information EPSS 0.4%CVE-2025-9207MEDIUMTI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML InjectionEPSS 0.4%CVE-2024-39780HIGHUse of unsafe yaml load in dynparamEPSS 0.4%CVE-2026-34685LOWAdobe Commerce | Improper Input Validation (CWE-20)EPSS 0.4%CVE-2025-30649HIGHJunos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.EPSS 0.4%CVE-2023-46047HIGHAn issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: EPSS 0.4%CVE-2026-26062HIGHFleet server may terminate unexpectedly when handling certain gRPC requestsEPSS 0.4%CVE-2023-24304HIGHImproper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF fileEPSS 0.4%CVE-2026-45556CRITICALRoxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`EPSS 0.4%CVE-2023-48425CRITICALU-Boot vulnerability resulting in persistent Code Execution EPSS 0.4%CVE-2025-34072CRITICALAnthropic Slack MCP Server Data Exfiltration via Link UnfurlingEPSS 0.4%CVE-2026-41654MEDIUMWeblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_urlEPSS 0.4%CVE-2025-20389MEDIUMImproper Input Validation in "label" column field in Splunk Secure Gateway AppEPSS 0.4%CVE-2026-39868CRITICALThis issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app mayEPSS 0.4%CVE-2024-33996MEDIUMmoodle: broken access control when setting calendar event typeEPSS 0.4%CVE-2025-15375MEDIUMEyouCMS arcpagelist Ajax.php unserialize deserializationEPSS 0.4%CVE-2026-35081HIGHArbitrary process termination vulnerability in method ugw-logstopEPSS 0.4%CVE-2023-4552MEDIUMJava Database Connectivity (JDBC) URL ManipulationEPSS 0.4%