Fallos del tipo CWE-20

4743 resultados
CVE-2026-35038LOWsignalk-server: Arbitrary Prototype Read via `from` Field BypassEPSS 0.3%CVE-2026-21677HIGHiccDEV has Undefined Behavior in CIccCLUT::Init()EPSS 0.3%CVE-2026-10968HIGHInsufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compEPSS 0.3%CVE-2026-11013MEDIUMInsufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised EPSS 0.3%CVE-2026-10992MEDIUMInsufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive EPSS 0.3%CVE-2026-21692HIGHiccDEV has Type Confusion in ToXmlCurve() at IccXML/IccLibXML/IccMpeXml.cppEPSS 0.3%CVE-2026-4519HIGHwebbrowser.open() allows leading dashes in URLsEPSS 0.3%CVE-2026-32990MEDIUMApache Tomcat: Fix for CVE-2025-66614 is incompleteEPSS 0.3%CVE-2026-32168HIGHAzure Monitor Agent Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2021-0072MEDIUMImproper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in WinEPSS 0.3%CVE-2020-11850HIGHCross site scripting vulnerability in Self Service Password ResetEPSS 0.3%CVE-2026-10917HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2026-10920HIGHInsufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compEPSS 0.3%CVE-2026-55993HIGHApache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviourEPSS 0.3%CVE-2026-44518MEDIUMliboqs: XMSS Buffer Overread BugEPSS 0.3%CVE-2022-27835HIGHImproper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.EPSS 0.3%CVE-2026-10911HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2025-27599MEDIUMElement X Android vulnerable to loading malicious web pages via received intentEPSS 0.3%CVE-2024-12353MEDIUMSourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validationEPSS 0.3%CVE-2026-28907HIGHThe issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOEPSS 0.3%