Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|---|
CWE-916 | Use of Password Hash With Insufficient Computational Effort | The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. | | 6 | 40 | 12 | 9 | 67 |
CWE-909 | Missing Initialization of Resource | The software does not initialize a critical resource. | | 8 | 41 | 16 | 1 | 66 |
CWE-670 | Always-Incorrect Control Flow Implementation | The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. | | 2 | 31 | 22 | 5 | 60 |
CWE-776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities. | | 0 | 36 | 19 | 3 | 58 |
CWE-331 | Insufficient Entropy | The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. | | 5 | 30 | 14 | 7 | 56 |
CWE-707 | Improper Enforcement of Message or Data Structure | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | | 0 | 37 | 6 | 12 | 55 |
CWE-212 | Improper Cross-boundary Removal of Sensitive Data | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. | | 5 | 34 | 13 | 3 | 55 |
CWE-763 | Release of Invalid Pointer or Reference | The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly. | | 2 | 25 | 23 | 5 | 55 |
CWE-436 | Interpretation Conflict | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. | | 0 | 23 | 18 | 5 | 46 |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. | | 1 | 36 | 4 | 0 | 41 |