Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-807 Reliance on Untrusted Inputs in a Security Decision
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
0 1 0 0 1
CWE-85 Doubled Character XSS Manipulations
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.
0 1 0 0 1
CWE-540 Information Exposure Through Source Code
Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.
0 1 0 0 1
CWE-598 Information Exposure Through Query Strings in GET Request
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
1 0 0 0 1
CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
0 1 0 0 1
CWE-805 Buffer Access with Incorrect Length Value
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
0 0 1 0 1
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
0 1 0 0 1
CWE-489 Leftover Debug Code
The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
0 1 0 0 1
CWE-840 Business Logic Errors
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.
0 1 0 0 1
CWE-379 Creation of Temporary File in Directory with Incorrect Permissions
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
0 1 0 0 1