Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-399 Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
73 1049 500 396 2018
CWE-269 Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
86 893 771 140 1890
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
4 355 577 567 1503
CWE-863 Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
109 869 350 119 1447
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
49 753 455 7 1264
CWE-502 Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
10 217 518 405 1150
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
111 581 367 72 1131
CWE-798 Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
48 316 368 394 1126
CWE-284 Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
95 599 265 162 1121
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
127 595 335 35 1092