Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-1188 Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
 3 33 63 47 146
CWE-922 Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.
 31 75 30 6 142
CWE-19 Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data.
 1 45 75 20 141
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
 2 54 58 26 140
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
 1 22 66 50 139
CWE-255 Credentials Management
Weaknesses in this category are related to the management of credentials.
 4 28 46 49 127
CWE-459 Incomplete Cleanup
The software does not properly clean up and remove temporary or supporting resources after they have been used.
 8 75 33 5 121
CWE-134 Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
 4 15 66 34 119
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
 2 45 60 11 118
CWE-824 Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.
 5 30 68 8 111