Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-642 External Control of Critical State Data
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
0 1 1 0 2
CWE-21 Pathname Traversal and Equivalence Errors
Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels.
0 1 0 1 2
CWE-912 Hidden Functionality
The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.
0 0 1 1 2
CWE-282 Improper Ownership Management
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
0 0 2 0 2
CWE-61 UNIX Symbolic Link (Symlink) Following
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
0 2 0 0 2
CWE-317 Cleartext Storage of Sensitive Information in GUI
The application stores sensitive information in cleartext within the GUI.
0 2 0 0 2
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval).
0 0 1 1 2
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
0 2 0 0 2
CWE-451 User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
0 2 0 0 2
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
0 1 1 0 2