Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. | 0 | 3 | 14 | 7 | 24 | |
| CWE-273 | Improper Check for Dropped Privileges The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. | 2 | 4 | 11 | 6 | 23 | |
| CWE-358 | Improperly Implemented Security Check for Standard The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. | 0 | 7 | 11 | 2 | 20 | |
| CWE-17 | Code Weaknesses in this category are typically introduced during code development, including specification, design, and implementation. | 0 | 11 | 7 | 1 | 19 | |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. | 0 | 13 | 6 | 0 | 19 | |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in require, include, or similar functions. | 0 | 1 | 12 | 4 | 17 | |
| CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. | 1 | 8 | 5 | 2 | 16 | |
| CWE-407 | Algorithmic Complexity An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. | 0 | 5 | 11 | 0 | 16 | |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. | 1 | 15 | 0 | 0 | 16 | |
| CWE-417 | Channel and Path Errors Weaknesses in this category are related to improper handling of communication channels and access paths. | 2 | 3 | 5 | 5 | 15 |