Categories
| CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|---|
| CWE-399 | Resource Management Errors | Weaknesses in this category are related to improper management of system resources. | | 73 | 1049 | 500 | 396 | 2018 |
| CWE-269 | Improper Privilege Management | The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | | 86 | 893 | 771 | 140 | 1890 |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. | | 4 | 355 | 577 | 567 | 1503 |
| CWE-863 | Incorrect Authorization | The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. | | 109 | 869 | 350 | 119 | 1447 |
| CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | | 49 | 753 | 455 | 7 | 1264 |
| CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. | | 10 | 217 | 518 | 405 | 1150 |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | | 111 | 581 | 367 | 72 | 1131 |
| CWE-798 | Use of Hard-coded Credentials | The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | | 48 | 316 | 368 | 394 | 1126 |
| CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | | 95 | 599 | 265 | 162 | 1121 |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. | | 127 | 595 | 335 | 35 | 1092 |