Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) The software uses a Pseudo-Random Number Generator (PRNG) that does not correctly manage seeds. | 1 | 12 | 10 | 3 | 26 | |
| CWE-358 | Improperly Implemented Security Check for Standard The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. | 1 | 21 | 1 | 2 | 25 | |
| CWE-266 | Incorrect Privilege Assignment A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. | 0 | 11 | 11 | 1 | 23 | |
| CWE-178 | Improper Handling of Case Sensitivity The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. | 3 | 6 | 7 | 6 | 22 | |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. | 0 | 18 | 2 | 1 | 21 | |
| CWE-73 | External Control of File Name or Path The software allows user input to control or influence paths or file names that are used in filesystem operations. | 0 | 12 | 7 | 2 | 21 | |
| CWE-273 | Improper Check for Dropped Privileges The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. | 0 | 6 | 10 | 4 | 20 | |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. | 0 | 7 | 8 | 5 | 20 | |
| CWE-321 | Use of Hard-coded Cryptographic Key The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | 4 | 5 | 4 | 5 | 18 | |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. | 0 | 3 | 14 | 0 | 17 |