Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-693 | Protection Mechanism Failure The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | 2 | 28 | 5 | 6 | 41 | |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. | 2 | 17 | 8 | 14 | 41 | |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere. | 4 | 19 | 9 | 8 | 40 | |
| CWE-669 | Incorrect Resource Transfer Between Spheres The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. | 2 | 22 | 10 | 5 | 39 | |
| CWE-565 | Reliance on Cookies without Validation and Integrity Checking The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user. | 1 | 20 | 8 | 8 | 37 | |
| CWE-662 | Improper Synchronization The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. | 0 | 27 | 9 | 1 | 37 | |
| CWE-388 | 7PK - Errors This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when an application does not properly handle errors that occur during processing. According to the authors of the Seven Pernicious Kingdoms, "Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with 'API Abuse,' there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle." | 3 | 16 | 8 | 9 | 36 | |
| CWE-320 | Key Management Errors Weaknesses in this category are related to errors in the management of cryptographic keys. | 6 | 19 | 9 | 2 | 36 | |
| CWE-672 | Operation on a Resource after Expiration or Release The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. | 1 | 13 | 12 | 2 | 28 | |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. | 2 | 26 | 0 | 0 | 28 |