Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|---|
CWE-909 | Missing Initialization of Resource | The software does not initialize a critical resource. | | 2 | 44 | 27 | 2 | 75 |
CWE-131 | Incorrect Calculation of Buffer Size | The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. | | 1 | 25 | 36 | 12 | 74 |
CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. | | 2 | 27 | 32 | 10 | 71 |
CWE-91 | XML Injection (aka Blind XPath Injection) | The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. | | 0 | 13 | 37 | 19 | 69 |
CWE-681 | Incorrect Conversion between Numeric Types | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. | | 0 | 13 | 45 | 11 | 69 |
CWE-916 | Use of Password Hash With Insufficient Computational Effort | The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. | | 1 | 22 | 33 | 12 | 68 |
CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). | | 5 | 21 | 40 | 2 | 68 |
CWE-189 | Numeric Errors | Weaknesses in this category are related to improper calculation or conversion of numbers. | | 0 | 16 | 38 | 11 | 65 |
CWE-331 | Insufficient Entropy | The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. | | 1 | 20 | 26 | 14 | 61 |
CWE-275 | Permission Issues | Weaknesses in this category are related to improper assignment or handling of permissions. | | 9 | 24 | 24 | 3 | 60 |