Categories

| CWE | Name | Description | Last 12M | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|---|
| CWE-1188 | Insecure Default Initialization of Resource | The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. | | 3 | 32 | 63 | 47 | 145 |
| CWE-922 | Insecure Storage of Sensitive Information | The software stores sensitive information without properly limiting read or write access by unauthorized actors. | | 31 | 75 | 31 | 6 | 143 |
| CWE-19 | Data Processing Errors | Weaknesses in this category are typically found in functionality that processes data. | | 1 | 45 | 75 | 20 | 141 |
| CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | | 1 | 22 | 65 | 50 | 138 |
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | | 2 | 51 | 58 | 25 | 136 |
| CWE-255 | Credentials Management | Weaknesses in this category are related to the management of credentials. | | 4 | 28 | 46 | 49 | 127 |
| CWE-134 | Use of Externally-Controlled Format String | The software uses a function that accepts a format string as an argument, but the format string originates from an external source. | | 4 | 15 | 66 | 34 | 119 |
| CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | | 2 | 45 | 60 | 11 | 118 |
| CWE-459 | Incomplete Cleanup | The software does not properly clean up and remove temporary or supporting resources after they have been used. | | 8 | 69 | 28 | 5 | 110 |
| CWE-824 | Access of Uninitialized Pointer | The program accesses or uses a pointer that has not been initialized. | | 5 | 29 | 67 | 8 | 109 |