Flaws of type CWE-20

4583 results
CVE-2024-30040 [HIGH] Windows MSHTML Platform Security Feature Bypass Vulnerability (EPSS 3.9%, KEV)
CVE-2020-11008 [MEDIUM] Malicious URLs can still cause Git to send a stored credential to the wrong server (EPSS 3.9%)
CVE-2018-0287 A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote (EPSS 3.9%)
CVE-2022-21668 [HIGH] Pipenv's requirements.txt parsing allows malicious index url in comments (EPSS 3.9%)
CVE-2016-9577 [HIGH] A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messa (EPSS 3.8%)
CVE-2018-8850 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to cr (EPSS 3.8%)
CVE-2019-1753 [HIGH] Cisco IOS XE Software Privilege Escalation Vulnerability (EPSS 3.8%)
CVE-2018-0467 Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability (EPSS 3.8%)
CVE-2017-12277 A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 (EPSS 3.8%)
CVE-2018-0104 A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute a (EPSS 3.8%)
CVE-2019-1756 [HIGH] Cisco IOS XE Software Command Injection Vulnerability (EPSS 3.8%)
CVE-2021-21085 [HIGH] Adobe Connect CSV injection via export feature could lead to code execution (EPSS 3.7%)
CVE-2025-61812 [HIGH] ColdFusion | Improper Input Validation (CWE-20) (EPSS 3.7%)
CVE-2025-34161 [CRITICAL] Coolify Git Repository Field Command Injection in Project Deployment Workflow (EPSS 3.7%)
CVE-2017-14023 An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versi (EPSS 3.7%)
CVE-2020-10922 [HIGH] This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware vers (EPSS 3.7%)
CVE-2021-21372 [HIGH] Nimble arbitrary code execution for specially crafted package metadata (EPSS 3.6%)
CVE-2018-0228 A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote (EPSS 3.6%)
CVE-2023-5143 [MEDIUM] D-Link DAR-7000 webmailattach.php Privilege Escalation (EPSS 3.6%)
CVE-2017-16226 The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to acce (EPSS 3.6%)