Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-118 | Incorrect Access of Indexable Resource ('Range Error'): The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. | | 0 | 3 | 2 | 8 | 13 |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'): The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. | | 1 | 3 | 4 | 4 | 12 |
CWE-185 | Incorrect Regular Expression: The software specifies a regular expression in a way that causes data to be improperly matched or compared. | | 0 | 4 | 5 | 2 | 11 |
CWE-73 | External Control of File Name or Path: The software allows user input to control or influence paths or file names that are used in filesystem operations. | | 2 | 6 | 3 | 0 | 11 |
CWE-23 | Relative Path Traversal: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as `..` that can resolve to a location that is outside of that directory. | | 0 | 5 | 4 | 1 | 10 |
CWE-15 | External Control of System or Configuration Setting: One or more system settings or configuration elements can be externally controlled by a user. | | 0 | 0 | 0 | 9 | 9 |
CWE-172 | Encoding Error: The software does not properly encode or decode the data, resulting in unexpected values. | | 1 | 5 | 1 | 2 | 9 |
CWE-497 | Exposure of System Data to an Unauthorized Control Sphere: The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does. | | 1 | 7 | 1 | 0 | 9 |
CWE-123 | Write-what-where Condition: Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. | | 0 | 2 | 5 | 1 | 8 |
CWE-538 | File and Directory Information Exposure: The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. | | 2 | 4 | 2 | 0 | 8 |