CWE-20 type flaws
4693 results

CVE-2021-29431 | HIGH | SSRF in Sydent due to missing validation of hostnames | EPSS 1.2%
CVE-2025-27212 | CRITICAL | An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Acces | EPSS 1.2%
CVE-2022-46363 | HIGH | Apache CXF directory listing / code exfiltration | EPSS 1.2%
CVE-2026-27953 | HIGH | ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor | EPSS 1.2%
CVE-2021-20222 | — | A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highes | EPSS 1.2%
CVE-2021-31372 | HIGH | Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. | EPSS 1.2%
CVE-2023-2454 | HIGH | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacke | EPSS 1.2%
CVE-2022-24905 | MEDIUM | Argo CD login screen allows message spoofing if SSO is enabled | EPSS 1.2%
CVE-2021-39193 | MEDIUM | Transaction validity oversight in pallet-ethereum | EPSS 1.2%
CVE-2021-4125 | — | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as | EPSS 1.2%
CVE-2023-35619 | MEDIUM | Microsoft Outlook for Mac Spoofing Vulnerability | EPSS 1.2%
CVE-2018-10908 | MEDIUM | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially craf | EPSS 1.2%
CVE-2022-24846 | CRITICAL | Unchecked JNDI lookups in GeoWebCache | EPSS 1.2%
CVE-2023-28330 | MEDIUM | Moodle: authenticated arbitrary file read through malformed backup file | EPSS 1.2%
CVE-2022-39353 | CRITICAL | xmldom allows multiple root nodes in a DOM | EPSS 1.2%
CVE-2025-34099 | CRITICAL | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password | EPSS 1.2%
CVE-2022-29897 | CRITICAL | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT | EPSS 1.2%
CVE-2025-12543 | CRITICAL | Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf | EPSS 1.2%
CVE-2020-7823 | HIGH | DaviewIndy Multiple Vulnerabilities | EPSS 1.2%
CVE-2024-29831 | HIGH | Apache DolphinScheduler: RCE by arbitrary js execution | EPSS 1.2%