Falhas do tipo CWE-20

4.746 resultados
CVE-2025-63095MEDIUMImproper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a DeEPSS 0.3%CVE-2023-39137An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.EPSS 0.3%CVE-2026-32735LOWUnpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`EPSS 0.3%CVE-2021-20268An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF scrEPSS 0.3%CVE-2026-3470LOWA vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowiEPSS 0.3%CVE-2026-54133CRITICALjmespath.php has CompilerRuntime code injection via unescaped function namesEPSS 0.3%CVE-2022-21180MEDIUMImproper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local acEPSS 0.3%CVE-2025-66786HIGHOpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send maliEPSS 0.3%CVE-2023-3456Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service cEPSS 0.3%CVE-2024-2751MEDIUMExclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBoxEPSS 0.3%CVE-2024-1534MEDIUMBooster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortocdeEPSS 0.3%CVE-2021-1233MEDIUMCisco SD-WAN Information Disclosure VulnerabilityEPSS 0.3%CVE-2025-8097MEDIUMWoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart ManipulationEPSS 0.3%CVE-2026-22047HIGHiccDEV has heap-buffer-overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cppEPSS 0.3%CVE-2026-45642LOWMicrosoft Azure Attestation service and Device Health Attestation Service Spoofing VulnerabilityEPSS 0.3%CVE-2026-13921MEDIUMInsufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attackeEPSS 0.3%CVE-2026-13926MEDIUMInsufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised EPSS 0.3%CVE-2026-14023MEDIUMInsufficient validation of untrusted input in SanitizerAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same EPSS 0.3%CVE-2023-7012HIGHInsufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to instaEPSS 0.3%CVE-2025-3068HIGHInappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege esEPSS 0.3%