Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-1188 | Insecure Default Initialization of Resource | The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. | | 3 | 32 | 63 | 47 | 145
CWE-922 | Insecure Storage of Sensitive Information | The software stores sensitive information without properly limiting read or write access by unauthorized actors. | | 31 | 75 | 31 | 6 | 143
CWE-19 | Data Processing Errors | Weaknesses in this category are typically found in functionality that processes data. | | 1 | 45 | 75 | 20 | 141
CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | | 1 | 22 | 65 | 50 | 138
CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | | 2 | 51 | 58 | 25 | 136
CWE-255 | Credentials Management | Weaknesses in this category are related to the management of credentials. | | 4 | 28 | 46 | 49 | 127
CWE-134 | Use of Externally-Controlled Format String | The software uses a function that accepts a format string as an argument, but the format string originates from an external source. | | 4 | 15 | 66 | 34 | 119
CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | | 2 | 45 | 60 | 11 | 118
CWE-459 | Incomplete Cleanup | The software does not properly clean up and remove temporary or supporting resources after they have been used. | | 8 | 69 | 28 | 5 | 110
CWE-824 | Access of Uninitialized Pointer | The program accesses or uses a pointer that has not been initialized. | | 5 | 29 | 67 | 8 | 109

The LOW, MEDIUM, HIGH and CRITICAL counts in each row sum to TOTAL VULNS; the LAST 12M column is not present in the captured data and is left blank.
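The CWE-294 row above describes a design in which a captured authentication message can simply be sent again. The following is an added example, not code from the original page or from any product counted in the table: a minimal authenticated-message scheme in which a MAC alone is not enough (the replay is accepted), beside the usual fix of binding each message to a timestamp window and a single-use nonce that the server remembers. The shared key, message layout and 60-second window are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

# Assumed shared secret for the demonstration only; a real deployment provisions this per client.
KEY = b"constructed-demo-key-not-for-production"
WINDOW_SECONDS = 60  # assumed acceptable clock skew / message lifetime


def _mac(key: bytes, ts: str, nonce: str, body: str) -> str:
    # The MAC covers timestamp, nonce and body so none of them can be altered in transit.
    return hmac.new(key, f"{ts}|{nonce}|{body}".encode(), hashlib.sha256).hexdigest()


def build_message(key: bytes, body: str, now: int) -> dict:
    """Client side: attach a fresh random nonce, the current time and a MAC over all three."""
    nonce = secrets.token_hex(16)
    ts = str(int(now))
    return {"ts": ts, "nonce": nonce, "body": body, "mac": _mac(key, ts, nonce, body)}


def legacy_verify(key: bytes, msg: dict) -> bool:
    """The weak design from the CWE-294 description: integrity only, no freshness.

    A sniffed message passes this check every time it is replayed.
    """
    expected = _mac(key, msg["ts"], msg["nonce"], msg["body"])
    return hmac.compare_digest(expected, msg["mac"])


class ReplayGuard:
    """Server side: MAC check, then timestamp window, then single-use nonce."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen: dict[str, int] = {}  # nonce -> time after which it can be forgotten

    def _evict(self, now: int) -> None:
        # A nonce only needs remembering while its timestamp is still inside the window;
        # after that the timestamp check alone rejects the message.
        for nonce in [n for n, exp in self.seen.items() if exp < now]:
            del self.seen[nonce]

    def verify(self, msg: dict, now: int) -> str:
        # 1. Authenticate first so unauthenticated junk cannot fill the nonce table.
        expected = _mac(self.key, msg["ts"], msg["nonce"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad_mac"
        # 2. Bound the lifetime of any message, which also bounds the nonce table.
        try:
            ts = int(msg["ts"])
        except ValueError:
            return "bad_timestamp"
        if abs(now - ts) > self.window:
            return "stale"
        # 3. Reject anything seen before inside the window: this is the replay check.
        self._evict(now)
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = ts + self.window
        return "ok"


if __name__ == "__main__":
    # Constructed exchange: a legitimate message, then the same bytes replayed by an eavesdropper.
    captured = build_message(KEY, "transfer 100 to acct 42", now=1_000_000)
    guard = ReplayGuard(KEY)
    print("legacy, first send :", legacy_verify(KEY, captured))
    print("legacy, replayed   :", legacy_verify(KEY, captured))
    print("guard,  first send :", guard.verify(captured, now=1_000_000))
    print("guard,  replayed   :", guard.verify(captured, now=1_000_005))
```

The ordering inside `verify` matters: checking the MAC before touching the nonce table keeps an unauthenticated sender from growing server state, and the timestamp window keeps the table bounded without a separate expiry job. Changing even one byte of the body invalidates the MAC, so a "minor change" replay, the variant the CWE text mentions, fails at step 1 rather than step 3.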