Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-199 Information Management Errors
Weaknesses in this category are related to improper handling of sensitive information.
0 3 0 1 4
CWE-250 Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
1 1 2 0 4
CWE-548 Information Exposure Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
1 2 1 0 4
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
1 3 0 0 4
CWE-184 Incomplete Blacklist
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
0 1 2 0 3
CWE-18 Source Code
Weaknesses in this category are typically found within source code.
1 0 1 1 3
CWE-1187 DEPRECATED: Use of Uninitialized Resource
This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.
0 2 0 1 3
CWE-920 Improper Restriction of Power Consumption
The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.
0 2 1 0 3
CWE-943 Improper Neutralization of Special Elements in Data Query Logic
The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
0 1 2 0 3
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.
0 3 0 0 3