Falhas do tipo CWE-20
4.743 resultadosCVE-2025-60537MEDIUMImproper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute EPSS 0.4%CVE-2017-12252—A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attacEPSS 0.4%CVE-2025-61235CRITICALAn issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields cEPSS 0.4%CVE-2025-31135MEDIUMGo-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple timesEPSS 0.4%CVE-2026-49444HIGHn8n: Python sandbox escapeEPSS 0.4%CVE-2026-42809CRITICALApache Polaris: staged table creation could vend storage credentials for unvalidated locationsEPSS 0.4%CVE-2025-32075MEDIUMIP and user agent leaks in Extension:TabsEPSS 0.4%CVE-2025-32076MEDIUMEvil regex used to process user-provided data in VisualDataEPSS 0.4%CVE-2026-5500HIGHImproper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication BypassEPSS 0.4%CVE-2025-69232LOWfree5GC hasProtocol Compliance Violation in UPF Leading to SMF Service DisruptionEPSS 0.4%CVE-2026-0976LOWOrg.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url pathsEPSS 0.4%CVE-2025-3590MEDIUMAdianti Framework deserializationEPSS 0.4%CVE-2026-46910CRITICALVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). SupportedEPSS 0.4%CVE-2022-28329—A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALAEPSS 0.4%CVE-2026-13925HIGHInappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user EPSS 0.4%CVE-2026-20643MEDIUMA cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security ImprovemEPSS 0.4%CVE-2026-45783HIGHlibp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodesEPSS 0.4%CVE-2023-28911MEDIUMArbitrary Channel Disconnection Resulting in Denial of ServiceEPSS 0.4%CVE-2025-0764MEDIUMwpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in updateEPSS 0.4%CVE-2025-0814MEDIUMCWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network
services running on the product wheEPSS 0.4%