Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-763 Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
1 18 30 8 57
CWE-212 Improper Cross-boundary Removal of Sensitive Data
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
4 31 20 1 56
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
0 20 27 5 52
CWE-706 Use of Incorrectly-Resolved Name or Reference
The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
1 16 19 16 52
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
5 17 26 2 50
CWE-662 Improper Synchronization
The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
0 27 21 1 49
CWE-436 Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
0 16 22 7 45
CWE-565 Reliance on Cookies without Validation and Integrity Checking
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
2 13 14 10 39
CWE-913 Improper Control of Dynamically-Managed Code Resources
The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
0 9 16 14 39
CWE-669 Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
0 11 18 8 37