Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-732 | Incorrect Permission Assignment for Critical Resource The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 39 | 383 | 614 | 91 | 1127 | |
| CWE-798 | Use of Hard-coded Credentials The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 10 | 146 | 375 | 587 | 1118 | |
| CWE-269 | Improper Privilege Management The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | 21 | 264 | 687 | 126 | 1098 | |
| CWE-502 | Deserialization of Untrusted Data The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. | 2 | 46 | 515 | 511 | 1074 | |
| CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | 7 | 443 | 595 | 13 | 1058 | |
| CWE-264 | Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. | 25 | 135 | 737 | 110 | 1007 | |
| CWE-306 | Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 16 | 215 | 353 | 368 | 952 | |
| CWE-918 | Server-Side Request Forgery (SSRF) The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. | 13 | 359 | 326 | 233 | 931 | |
| CWE-522 | Insufficiently Protected Credentials The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 10 | 415 | 345 | 155 | 925 | |
| CWE-295 | Improper Certificate Validation The software does not validate, or incorrectly validates, a certificate. | 18 | 434 | 371 | 86 | 909 |