|CWE||NAME||LAST 12M||LOW||MEDIUM||HIGH||CRITICAL||TOTAL VULNS|
|CWE-434|| Unrestricted Upload of File with Dangerous Type |
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
|CWE-863|| Incorrect Authorization |
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
|CWE-77|| Improper Neutralization of Special Elements used in a Command ('Command Injection') |
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
|CWE-400|| Uncontrolled Resource Consumption ('Resource Exhaustion') |
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
|CWE-862|| Missing Authorization |
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
|CWE-189|| Numeric Errors |
Weaknesses in this category are related to improper calculation or conversion of numbers.
|CWE-284|| Improper Access Control |
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
|CWE-362|| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
|CWE-732|| Incorrect Permission Assignment for Critical Resource |
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
|CWE-798|| Use of Hard-coded Credentials |
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.