Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-81 | Improper Neutralization of Script in an Error Message Web Page The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page. | 0 | 1 | 0 | 0 | 1 | |
CWE-650 | Trusting HTTP Permission Methods on the Server Side The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state. | 0 | 1 | 0 | 0 | 1 | |
CWE-348 | Use of Less Trusted Source The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack. | 0 | 1 | 0 | 0 | 1 | |
CWE-1288 | Improper Validation of Consistency within Input The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. | 0 | 0 | 1 | 0 | 1 | |
CWE-833 | Deadlock The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. | 0 | 1 | 0 | 0 | 1 | |
CWE-703 | Improper Check or Handling of Exceptional Conditions The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software. | 0 | 1 | 0 | 0 | 1 | |
CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) The software does not adequately filter user-controlled input for special elements with control implications. | 0 | 1 | 0 | 0 | 1 | |
CWE-549 | Missing Password Field Masking The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. | 0 | 1 | 0 | 0 | 1 | |
CWE-377 | Insecure Temporary File Creating and using insecure temporary files can leave application and system data vulnerable to attack. | 1 | 0 | 0 | 0 | 1 | |
CWE-1108 | Excessive Reliance on Global Variables The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context. | 0 | 1 | 0 | 0 | 1 |