Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-416 Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
80 1770 539 487 2876
CWE-94 Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
26 1012 941 789 2768
CWE-287 Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
165 1392 857 318 2732
CWE-399 Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
101 1280 687 496 2564
CWE-310 Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
126 2068 92 164 2450
CWE-269 Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
133 1355 697 150 2335
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
8 381 511 1058 1958
CWE-476 NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
147 1369 210 60 1786
CWE-190 Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
57 1225 355 127 1764
CWE-863 Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
175 949 160 50 1334