Categories

| CWE | NAME | DESCRIPTION | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-76 | Improper Neutralization of Equivalent Special Elements | The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements. | 0 | 1 | 0 | 0 | 1 |
| CWE-1103 | Use of Platform-Dependent Third Party Components | The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms. | 0 | 1 | 0 | 0 | 1 |
| CWE-263 | Password Aging with Long Expiration | Allowing password aging to occur unchecked can result in the possibility of diminished password integrity. | 0 | 0 | 1 | 0 | 1 |
| CWE-28 | Path Traversal: '..\filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize .. sequences that can resolve to a location that is outside of that directory. | 0 | 1 | 0 | 0 | 1 |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. | 0 | 0 | 1 | 0 | 1 |
| CWE-691 | Insufficient Control Flow Management | The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways. | 0 | 0 | 1 | 0 | 1 |
| CWE-544 | Missing Standardized Error Handling Mechanism | The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. | 0 | 0 | 1 | 0 | 1 |
| CWE-830 | Inclusion of Web Functionality from an Untrusted Source | The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source. | 0 | 0 | 1 | 0 | 1 |
| CWE-1270 | Generation of Incorrect Security Identifiers | The product implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers generated in the system are incorrect. | 0 | 0 | 0 | 1 | 1 |
| CWE-253 | Incorrect Check of Function Return Value | The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions. | 0 | 1 | 0 | 0 | 1 |