Categories

| CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|---|
| CWE-167 | Improper Handling of Additional Special Element | The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided. | | 0 | 1 | 0 | 0 | 1 |
| CWE-344 | Use of Invariant Value in Dynamically Changing Context | The product uses a constant value, name, or reference, but this value can (or should) vary across different environments. | | 0 | 0 | 1 | 0 | 1 |
| CWE-76 | Improper Neutralization of Equivalent Special Elements | The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements. | | 0 | 1 | 0 | 0 | 1 |
| CWE-1103 | Use of Platform-Dependent Third Party Components | The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms. | | 0 | 1 | 0 | 0 | 1 |
| CWE-263 | Password Aging with Long Expiration | Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. | | 0 | 0 | 1 | 0 | 1 |
| CWE-28 | Path Traversal: '..\filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize .. sequences that can resolve to a location that is outside of that directory. | | 0 | 1 | 0 | 0 | 1 |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. | | 0 | 0 | 1 | 0 | 1 |
| CWE-691 | Insufficient Control Flow Management | The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. | | 0 | 0 | 1 | 0 | 1 |
| CWE-544 | Missing Standardized Error Handling Mechanism | The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | | 0 | 0 | 1 | 0 | 1 |
| CWE-830 | Inclusion of Web Functionality from an Untrusted Source | The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source. | | 0 | 0 | 1 | 0 | 1 |