Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-922 | Insecure Storage of Sensitive Information | The software stores sensitive information without properly limiting read or write access by unauthorized actors. | | 43 | 58 | 16 | 3 | 120
CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). | | 8 | 62 | 35 | 13 | 118
CWE-17 | Code | Weaknesses in this category are typically introduced during code development, including specification, design, and implementation. | | 12 | 73 | 22 | 8 | 115
CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. | | 3 | 73 | 27 | 11 | 114
CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. | | 3 | 36 | 53 | 12 | 104
CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. | | 6 | 60 | 20 | 15 | 101
CWE-354 | Improper Validation of Integrity Check Value | The software does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. | | 10 | 59 | 17 | 7 | 93
CWE-697 | Incorrect Comparison | The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. | | 3 | 50 | 33 | 7 | 93
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. | | 3 | 44 | 31 | 14 | 92
CWE-494 | Download of Code Without Integrity Check | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. | | 3 | 39 | 37 | 12 | 91