Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-471 | Modification of Assumed-Immutable Data (MAID): The software does not properly protect an assumed-immutable element from being modified by an attacker. | | 0 | 2 | 1 | 0 | 3 |
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'): The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval). | | 0 | 0 | 1 | 2 | 3 |
CWE-526 | Information Exposure Through Environmental Variables: Environmental variables may contain sensitive information about a remote server. | | 0 | 3 | 0 | 0 | 3 |
CWE-1286 | Improper Validation of Syntactic Correctness of Input: The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. | | 0 | 2 | 1 | 0 | 3 |
CWE-598 | Information Exposure Through Query Strings in GET Request: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | | 2 | 0 | 1 | 0 | 3 |
CWE-653 | Insufficient Compartmentalization: The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions. | | 0 | 3 | 0 | 0 | 3 |
CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control: The software stores sensitive information in a file system or device that does not have built-in access control. | | 0 | 0 | 2 | 1 | 3 |
CWE-525 | Information Exposure Through Browser Caching: The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. | | 0 | 3 | 0 | 0 | 3 |
CWE-769 | Uncontrolled File Descriptor Consumption: This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | | 1 | 0 | 2 | 0 | 3 |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information: The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | | 0 | 3 | 0 | 0 | 3 |