Categories

| CWE | Name | Description | Last 12M | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|---|
| CWE-1188 | Insecure Default Initialization of Resource | The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. | | 3 | 29 | 64 | 46 | 142 |
| CWE-19 | Data Processing Errors | Weaknesses in this category are typically found in functionality that processes data. | | 1 | 45 | 75 | 20 | 141 |
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | | 2 | 51 | 56 | 25 | 134 |
| CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | | 1 | 22 | 64 | 47 | 134 |
| CWE-922 | Insecure Storage of Sensitive Information | The software stores sensitive information without properly limiting read or write access by unauthorized actors. | | 30 | 64 | 29 | 6 | 129 |
| CWE-255 | Credentials Management | Weaknesses in this category are related to the management of credentials. | | 4 | 28 | 46 | 49 | 127 |
| CWE-134 | Use of Externally-Controlled Format String | The software uses a function that accepts a format string as an argument, but the format string originates from an external source. | | 4 | 15 | 66 | 34 | 119 |
| CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | | 2 | 43 | 59 | 11 | 115 |
| CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. | | 2 | 33 | 59 | 13 | 107 |
| CWE-824 | Access of Uninitialized Pointer | The program accesses or uses a pointer that has not been initialized. | | 5 | 28 | 63 | 8 | 104 |