Categories

| CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|---|
| CWE-25 | Path Traversal: '/../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory. | | 0 | 0 | 1 | 0 | 1 |
| CWE-799 | Improper Control of Interaction Frequency | The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. | | 0 | 1 | 0 | 0 | 1 |
| CWE-501 | Trust Boundary Violation | The product mixes trusted and untrusted data in the same data structure or structured message. | | 0 | 0 | 1 | 0 | 1 |
| CWE-305 | Authentication Bypass by Primary Weakness | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | | 0 | 0 | 1 | 0 | 1 |
| CWE-340 | Predictability Problems | The product uses a scheme that generates numbers or identifiers that are more predictable than required. | | 0 | 1 | 0 | 0 | 1 |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. | | 0 | 0 | 1 | 0 | 1 |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | | 0 | 1 | 0 | 0 | 1 |
| CWE-544 | Missing Standardized Error Handling Mechanism | The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | | 0 | 1 | 0 | 0 | 1 |
| CWE-385 | Covert Timing Channel | Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. | | 0 | 0 | 1 | 0 | 1 |
| CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere | A backup file is stored in a directory or archive that is made accessible to unauthorized actors. | | 0 | 0 | 1 | 0 | 1 |