Categories

| CWE | Name | Description | Last 12M | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|---|
| CWE-942 | Overly Permissive Cross-domain Whitelist | The software uses a cross-domain policy file that includes domains that should not be trusted. | | 1 | 1 | 0 | 0 | 2 |
| CWE-501 | Trust Boundary Violation | The product mixes trusted and untrusted data in the same data structure or structured message. | | 0 | 1 | 1 | 0 | 2 |
| CWE-799 | Improper Control of Interaction Frequency | The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. | | 1 | 1 | 0 | 0 | 2 |
| CWE-540 | Information Exposure Through Source Code | Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | | 1 | 1 | 0 | 0 | 2 |
| CWE-208 | Information Exposure Through Timing Discrepancy | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. | | 1 | 1 | 0 | 0 | 2 |
| CWE-840 | Business Logic Errors | Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses. | | 0 | 2 | 0 | 0 | 2 |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | The application does not handle, or incorrectly handles, the case where it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. | | 0 | 0 | 2 | 0 | 2 |
| CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | | 0 | 2 | 0 | 0 | 2 |
| CWE-328 | Reversible One-Way Hash | The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques. | | 1 | 0 | 1 | 0 | 2 |
| CWE-457 | Use of Uninitialized Variable | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. | | 1 | 0 | 1 | 0 | 2 |

The Last 12M column is present in the source header but carries no values on this page; the five numbers per row are the Low, Medium, High and Critical counts and their total.