Falhas do tipo CWE-20
4.750 resultadosCVE-2026-33758CRITICALOpenBao has Reflected XSS in its OIDC authentication error messageEPSS 0.3%CVE-2025-15035MEDIUMArbitrary File Deletion Vulnerability in TP-Link Archer AXE75EPSS 0.3%CVE-2026-11027MEDIUMInsufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised theEPSS 0.3%CVE-2024-24984MEDIUMImproper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated useEPSS 0.3%CVE-2026-11045MEDIUMInsufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the EPSS 0.3%CVE-2026-10970HIGHInsufficient validation of untrusted input in InterestGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had comprEPSS 0.3%CVE-2026-41042CRITICALApache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameterEPSS 0.3%CVE-2024-4353MEDIUMStored XSS in Generate Board Name Input FieldEPSS 0.3%CVE-2026-15105MEDIUMdavenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserializationEPSS 0.3%CVE-2024-32048MEDIUMImproper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticaEPSS 0.3%CVE-2026-10969HIGHInsufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromisEPSS 0.3%CVE-2021-26331—AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbiEPSS 0.3%CVE-2020-3166MEDIUMCisco FXOS Software CLI Arbitrary File Read and Write VulnerabilityEPSS 0.3%CVE-2026-13911MEDIUMInsufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendEPSS 0.3%CVE-2026-4755CRITICALCWE-20 in MolotovCherry Android-ImageMagick7EPSS 0.3%CVE-2025-63783HIGHA Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) oEPSS 0.3%CVE-2025-24501MEDIUMAn improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.EPSS 0.3%CVE-2026-10981MEDIUMInsufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised tEPSS 0.3%CVE-2026-39410MEDIUMHono has a non-breaking space prefix bypass in cookie name handling in getCookie()EPSS 0.3%CVE-2021-46771—Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by EPSS 0.3%