Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-434 | Unrestricted Upload of File with Dangerous Type: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | | 11 | 645 | 557 | 251 | 1464 |
CWE-863 | Incorrect Authorization: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. | | 129 | 877 | 195 | 99 | 1300 |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection'): The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. | | 3 | 364 | 462 | 444 | 1273 |
CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion'): The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | | 60 | 807 | 347 | 6 | 1220 |
CWE-862 | Missing Authorization: The software does not perform an authorization check when an actor attempts to access a resource or perform an action. | | 106 | 799 | 202 | 43 | 1150 |
CWE-189 | Numeric Errors: Weaknesses in this category are related to improper calculation or conversion of numbers. | | 20 | 461 | 213 | 371 | 1065 |
CWE-284 | Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | | 97 | 605 | 209 | 138 | 1049 |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'): The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. | | 134 | 629 | 207 | 41 | 1011 |
CWE-732 | Incorrect Permission Assignment for Critical Resource: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | | 122 | 550 | 225 | 57 | 954 |
CWE-798 | Use of Hard-coded Credentials: The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | | 53 | 286 | 282 | 257 | 878 |