Fallos del tipo CWE-20

4749 resultados
CVE-2025-8414CRITICALZigbee Green Power Host Buffer Overflow VulnerabilityEPSS 0.2%CVE-2025-41257MEDIUMSuprema BioStar 2 Insecure Password ChangeEPSS 0.2%CVE-2026-23840CRITICALMovary vulnerable to Cross-site Scripting with `?categoryDeleted=` paramEPSS 0.2%CVE-2026-56762MEDIUMHono - Missing Cookie Name Validation in setCookie()EPSS 0.2%CVE-2022-33894HIGHImproper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of EPSS 0.2%CVE-2026-14038CRITICALInsufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromEPSS 0.2%CVE-2026-4982HIGHUnauthorized access to chat contentsEPSS 0.2%CVE-2024-25743HIGHIn the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGEPSS 0.2%CVE-2026-48720HIGHWarp: SSH remote output can lead to local file overwrite and persistenceEPSS 0.2%CVE-2026-20254MEDIUMInformation Disclosure through External Content Restriction Bypass in Splunk EnterpriseEPSS 0.2%CVE-2026-14021MEDIUMInsufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2026-8000HIGHInsufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to eEPSS 0.2%CVE-2026-45137HIGHAnchor: Program<'info, System> is not properly validatedEPSS 0.2%CVE-2021-25441Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applicatiEPSS 0.2%CVE-2026-12009HIGHInsufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who haEPSS 0.2%CVE-2026-23887MEDIUMGroup-Office has stored XSS vulnerability via unsanitized filenamesEPSS 0.2%CVE-2026-3620MEDIUMWord Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' ParameterEPSS 0.2%CVE-2025-55006MEDIUMFrappe Learning Holds Potential for Malicious SVG Upload in Image Upload FeatureEPSS 0.2%CVE-2021-4212MEDIUMA potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacEPSS 0.2%CVE-2026-20255MEDIUMImproper Input Validation through Classic Dashboards in Splunk EnterpriseEPSS 0.2%