Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-598 Information Exposure Through Query Strings in GET Request
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
2 0 1 0 3
CWE-653 Insufficient Compartmentalization
The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions.
0 3 0 0 3
CWE-823 Use of Out-of-range Pointer Offset
The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
0 1 2 0 3
CWE-921 Storage of Sensitive Data in a Mechanism without Access Control
The software stores sensitive information in a file system or device that does not have built-in access control.
0 0 2 1 3
CWE-805 Buffer Access with Incorrect Length Value
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
0 0 3 0 3
CWE-525 Information Exposure Through Browser Caching
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
0 3 0 0 3
CWE-472 External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
0 2 1 0 3
CWE-1 DEPRECATED: Location
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
0 0 0 2 2
CWE-769 Uncontrolled File Descriptor Consumption
This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.
0 0 2 0 2
CWE-534 DEPRECATED: Information Exposure Through Debug Log Files
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
0 0 1 1 2