Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-807 | Reliance on Untrusted Inputs in a Security Decision: The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. | 0 | 1 | 0 | 0 | 1 | |
CWE-85 | Doubled Character XSS Manipulations: The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. | 0 | 1 | 0 | 0 | 1 | |
CWE-540 | Information Exposure Through Source Code: Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. | 0 | 1 | 0 | 0 | 1 | |
CWE-598 | Information Exposure Through Query Strings in GET Request: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. | 1 | 0 | 0 | 0 | 1 | |
CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle'): The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. | 0 | 1 | 0 | 0 | 1 | |
CWE-805 | Buffer Access with Incorrect Length Value: The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. | 0 | 0 | 1 | 0 | 1 | |
CWE-1286 | Improper Validation of Syntactic Correctness of Input: The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. | 0 | 1 | 0 | 0 | 1 | |
CWE-489 | Leftover Debug Code: The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. | 0 | 1 | 0 | 0 | 1 | |
CWE-840 | Business Logic Errors: Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses. | 0 | 1 | 0 | 0 | 1 | |
CWE-379 | Creation of Temporary File in Directory with Incorrect Permissions: The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. | 0 | 1 | 0 | 0 | 1 | |