Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-281 | Improper Preservation of Permissions: The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. | | 17 | 99 | 49 | 7 | 172 |
CWE-428 | Unquoted Search Path or Element: The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. | | 3 | 72 | 84 | 3 | 162 |
CWE-824 | Access of Uninitialized Pointer: The program accesses or uses a pointer that has not been initialized. | | 13 | 74 | 65 | 7 | 159 |
CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'): The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. | | 0 | 15 | 14 | 123 | 152 |
CWE-521 | Weak Password Requirements: The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. | | 9 | 63 | 47 | 32 | 151 |
CWE-88 | Argument Injection or Modification: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. | | 5 | 45 | 62 | 37 | 149 |
CWE-667 | Improper Locking: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. | | 10 | 92 | 44 | 3 | 149 |
CWE-640 | Weak Password Recovery Mechanism for Forgotten Password: The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | | 4 | 87 | 41 | 11 | 143 |
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere: The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. | | 28 | 54 | 44 | 10 | 136 |
CWE-1188 | Insecure Default Initialization of Resource: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. | | 8 | 42 | 36 | 39 | 125 |