Fallos del tipo CWE-20

4743 resultados
CVE-2025-10433MEDIUM1Panel-dev MaxKB debug deserializationEPSS 0.3%CVE-2024-5439MEDIUMBlocksy <= 2.0.50 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-34525MEDIUMAIOHTTP: Duplicate Host header acceptedEPSS 0.3%CVE-2026-34445HIGHONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.EPSS 0.3%CVE-2025-10950MEDIUMgeyang ml-logger Ping server.py log_handler deserializationEPSS 0.3%CVE-2025-10965MEDIUMLazyAGI LazyLLM server.py lazyllm_call deserializationEPSS 0.3%CVE-2025-10974MEDIUMgiantspatula SewKinect Endpoint calculate pickle.loads deserializationEPSS 0.3%CVE-2025-10975MEDIUMGuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserializationEPSS 0.3%CVE-2026-46585HIGHApache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search queryEPSS 0.3%CVE-2026-33758CRITICALOpenBao has Reflected XSS in its OIDC authentication error messageEPSS 0.3%CVE-2025-58175MEDIUMGeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity ResolutionEPSS 0.3%CVE-2025-15035MEDIUMArbitrary File Deletion Vulnerability in TP-Link Archer AXE75EPSS 0.3%CVE-2024-4353MEDIUMStored XSS in Generate Board Name Input FieldEPSS 0.3%CVE-2020-3166MEDIUMCisco FXOS Software CLI Arbitrary File Read and Write VulnerabilityEPSS 0.3%CVE-2026-10969HIGHInsufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromisEPSS 0.3%CVE-2024-24984MEDIUMImproper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated useEPSS 0.3%CVE-2026-11045MEDIUMInsufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the EPSS 0.3%CVE-2026-11027MEDIUMInsufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised theEPSS 0.3%CVE-2024-32048MEDIUMImproper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticaEPSS 0.3%CVE-2021-26331AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbiEPSS 0.3%