Falhas do tipo CWE-20

4.743 resultados
CVE-2024-22271HIGHSpring Cloud Function Web DOS VulnerabilityEPSS 0.4%CVE-2026-6409HIGHDenial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted inputEPSS 0.4%CVE-2024-2513MEDIUMWP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image AttributeEPSS 0.4%CVE-2025-6545CRITICALpbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.jsEPSS 0.4%CVE-2025-26477MEDIUMDell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could poEPSS 0.4%CVE-2025-27388HIGHArbitrary URL Loading in WebView Leading to Token Leakage RiskEPSS 0.4%CVE-2022-1798HIGHPath Traversal vulnerability in KubevirtEPSS 0.4%CVE-2025-9467MEDIUMPossibility to bypass file upload validation on the server-sideEPSS 0.4%CVE-2024-2226MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-22235HIGHSpring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposedEPSS 0.4%CVE-2025-58716HIGHWindows Speech Runtime Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2023-47210MEDIUMImproper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user tEPSS 0.4%CVE-2026-22559HIGHAn Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is sociaEPSS 0.4%CVE-2026-7803CRITICALFlow Validation Bypass via Empty Component Type FieldEPSS 0.4%CVE-2017-12286A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from EPSS 0.4%CVE-2024-52593MEDIUMMissing validation allows spoofed "origin" links in MisskeyEPSS 0.4%CVE-2026-25722HIGHClaude Code Vulnerable to Command Injection via Directory Change Bypasses Write ProtectionEPSS 0.4%CVE-2025-26702MEDIUMImproper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.EPSS 0.4%CVE-2025-31135MEDIUMGo-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple timesEPSS 0.4%CVE-2025-60537MEDIUMImproper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute EPSS 0.4%