Categories

| CWE | NAME | DESCRIPTION | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-36 | Absolute Path Traversal | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory. | 0 | 2 | 4 | 0 | 6 |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | 0 | 4 | 2 | 0 | 6 |
| CWE-822 | Untrusted Pointer Dereference | The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. | 0 | 1 | 5 | 0 | 6 |
| CWE-24 | Path Traversal: '../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | 0 | 4 | 0 | 2 | 6 |
| CWE-204 | Response Discrepancy Information Exposure | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | 0 | 6 | 0 | 0 | 6 |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. | 0 | 3 | 1 | 1 | 5 |
| CWE-117 | Improper Output Neutralization for Logs | The software does not neutralize or incorrectly neutralizes output that is written to logs. | 0 | 4 | 1 | 0 | 5 |
| CWE-35 | Path Traversal: '.../...//' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. | 0 | 2 | 3 | 0 | 5 |
| CWE-201 | Information Exposure Through Sent Data | The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. | 0 | 4 | 1 | 0 | 5 |
| CWE-321 | Use of Hard-coded Cryptographic Key | The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | 0 | 3 | 2 | 0 | 5 |