Categories

| CWE | Name | Description | Last 12M | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|---|
| CWE-201 | Information Exposure Through Sent Data | The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. | | 0 | 4 | 2 | 0 | 6 |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. | | 0 | 3 | 1 | 1 | 5 |
| CWE-321 | Use of Hard-coded Cryptographic Key | The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | | 0 | 3 | 2 | 0 | 5 |
| CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. | | 0 | 0 | 5 | 0 | 5 |
| CWE-250 | Execution with Unnecessary Privileges | The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | | 1 | 1 | 3 | 0 | 5 |
| CWE-199 | Information Management Errors | Weaknesses in this category are related to improper handling of sensitive information. | | 0 | 3 | 0 | 1 | 4 |
| CWE-184 | Incomplete Blacklist | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses. | | 0 | 2 | 2 | 0 | 4 |
| CWE-548 | Information Exposure Through Directory Listing | A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. | | 1 | 2 | 1 | 0 | 4 |
| CWE-1220 | Insufficient Granularity of Access Control | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. | | 0 | 2 | 2 | 0 | 4 |
| CWE-114 | Process Control | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. | | 0 | 0 | 1 | 3 | 4 |