Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
5790 18796 110 119 24815
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
155 3918 2534 4458 11065
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
20 2370 6273 1796 10459
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
531 5028 2210 1086 8855
CWE-787 Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.
79 3043 3588 1591 8301
CWE-200 Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1494 5254 348 60 7156
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
134 3397 1399 499 5429
CWE-125 Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.
445 3257 1057 282 5041
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
62 3581 1325 39 5007
CWE-264 Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
415 2506 1191 698 4810