Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-1188 | Insecure Default Initialization of Resource The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. | 3 | 30 | 63 | 46 | 142 | |
| CWE-19 | Data Processing Errors Weaknesses in this category are typically found in functionality that processes data. | 1 | 45 | 75 | 20 | 141 | |
| CWE-922 | Insecure Storage of Sensitive Information The software stores sensitive information without properly limiting read or write access by unauthorized actors. | 30 | 71 | 30 | 6 | 137 | |
| CWE-425 | Direct Request ('Forced Browsing') The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | 2 | 51 | 57 | 26 | 136 | |
| CWE-640 | Weak Password Recovery Mechanism for Forgotten Password The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | 1 | 22 | 64 | 48 | 135 | |
| CWE-255 | Credentials Management Weaknesses in this category are related to the management of credentials. | 4 | 28 | 46 | 49 | 127 | |
| CWE-134 | Use of Externally-Controlled Format String The software uses a function that accepts a format string as an argument, but the format string originates from an external source. | 4 | 15 | 66 | 34 | 119 | |
| CWE-294 | Authentication Bypass by Capture-replay A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | 2 | 45 | 59 | 11 | 117 | |
| CWE-459 | Incomplete Cleanup The software does not properly clean up and remove temporary or supporting resources after they have been used. | 8 | 64 | 32 | 5 | 109 | |
| CWE-1284 | Improper Validation of Specified Quantity in Input The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. | 2 | 34 | 59 | 13 | 108 |