Fallos del tipo CWE-20

4737 resultados
CVE-2025-22235HIGHSpring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposedEPSS 0.4%CVE-2024-2226MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2024-52593MEDIUMMissing validation allows spoofed "origin" links in MisskeyEPSS 0.4%CVE-2017-12286A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from EPSS 0.4%CVE-2026-25722HIGHClaude Code Vulnerable to Command Injection via Directory Change Bypasses Write ProtectionEPSS 0.4%CVE-2026-7803CRITICALFlow Validation Bypass via Empty Component Type FieldEPSS 0.4%CVE-2025-26702MEDIUMImproper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.EPSS 0.4%CVE-2025-60537MEDIUMImproper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute EPSS 0.4%CVE-2025-61235CRITICALAn issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields cEPSS 0.4%CVE-2025-31135MEDIUMGo-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple timesEPSS 0.4%CVE-2025-29150MEDIUMBlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request.EPSS 0.4%CVE-2024-2650MEDIUMEssential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2017-12252A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attacEPSS 0.4%CVE-2026-49444HIGHn8n: Python sandbox escapeEPSS 0.4%CVE-2026-42809CRITICALApache Polaris: staged table creation could vend storage credentials for unvalidated locationsEPSS 0.4%CVE-2025-32076MEDIUMEvil regex used to process user-provided data in VisualDataEPSS 0.4%CVE-2025-32075MEDIUMIP and user agent leaks in Extension:TabsEPSS 0.4%CVE-2025-69232LOWfree5GC hasProtocol Compliance Violation in UPF Leading to SMF Service DisruptionEPSS 0.4%CVE-2026-5500HIGHImproper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication BypassEPSS 0.4%CVE-2026-20643MEDIUMA cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security ImprovemEPSS 0.4%