Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-942 | Overly Permissive Cross-domain Whitelist. The software uses a cross-domain policy file that includes domains that should not be trusted. | | 0 | 0 | 2 | 1 | 3 |
CWE-87 | Improper Neutralization of Alternate XSS Syntax. The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. | | 1 | 2 | 0 | 0 | 3 |
CWE-289 | Authentication Bypass by Alternate Name. The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. | | 0 | 1 | 1 | 1 | 3 |
CWE-272 | Least Privilege Violation. The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. | | 0 | 1 | 2 | 0 | 3 |
CWE-940 | Improper Verification of Source of a Communication Channel. The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. | | 0 | 2 | 1 | 0 | 3 |
CWE-1 | DEPRECATED: Location. This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. | | 0 | 0 | 0 | 2 | 2 |
CWE-769 | Uncontrolled File Descriptor Consumption. This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. | | 0 | 1 | 1 | 0 | 2 |
CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files. This entry has been deprecated because its abstraction was too low-level. See CWE-532. | | 0 | 2 | 0 | 0 | 2 |
CWE-642 | External Control of Critical State Data. The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors. | | 0 | 1 | 1 | 0 | 2 |
CWE-943 | Improper Neutralization of Special Elements in Data Query Logic. The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. | | 0 | 0 | 1 | 1 | 2 |