Categories

| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-664 | Improper Control of a Resource Through its Lifetime. The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. | | 0 | 1 | 2 | 0 | 3 |
| CWE-471 | Modification of Assumed-Immutable Data (MAID). The software does not properly protect an assumed-immutable element from being modified by an attacker. | | 0 | 2 | 1 | 0 | 3 |
| CWE-1220 | Insufficient Granularity of Access Control. The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. | | 0 | 2 | 1 | 0 | 3 |
| CWE-620 | Unverified Password Change. When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication. | | 0 | 0 | 1 | 2 | 3 |
| CWE-526 | Information Exposure Through Environmental Variables. Environmental variables may contain sensitive information about a remote server. | | 0 | 3 | 0 | 0 | 3 |
| CWE-126 | Buffer Over-read. The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. | | 0 | 3 | 0 | 0 | 3 |
| CWE-1286 | Improper Validation of Syntactic Correctness of Input. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax), but it does not validate or incorrectly validates that the input complies with the syntax. | | 0 | 2 | 1 | 0 | 3 |
| CWE-598 | Information Exposure Through Query Strings in GET Request. The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | | 2 | 0 | 1 | 0 | 3 |
| CWE-653 | Insufficient Compartmentalization. The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. | | 0 | 3 | 0 | 0 | 3 |
| CWE-114 | Process Control. Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. | | 0 | 0 | 1 | 2 | 3 |