Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-25 | Path Traversal: '/../filedir'. The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory. | 0 | 0 | 1 | 0 | 1 | |
CWE-799 | Improper Control of Interaction Frequency. The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. | 0 | 1 | 0 | 0 | 1 | |
CWE-501 | Trust Boundary Violation. The product mixes trusted and untrusted data in the same data structure or structured message. | 0 | 0 | 1 | 0 | 1 | |
CWE-305 | Authentication Bypass by Primary Weakness. The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | 0 | 0 | 1 | 0 | 1 | |
CWE-340 | Predictability Problems. The product uses a scheme that generates numbers or identifiers that are more predictable than required. | 0 | 1 | 0 | 0 | 1 | |
CWE-302 | Authentication Bypass by Assumed-Immutable Data. The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. | 0 | 0 | 1 | 0 | 1 | |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information. The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. | 0 | 1 | 0 | 0 | 1 | |
CWE-544 | Missing Standardized Error Handling Mechanism. The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | 0 | 1 | 0 | 0 | 1 | |
CWE-385 | Covert Timing Channel. Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. | 0 | 0 | 1 | 0 | 1 | |
CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere. A backup file is stored in a directory or archive that is made accessible to unauthorized actors. | 0 | 0 | 1 | 0 | 1 | |