Categories

| CWE | Name | Description | Last 12M | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|---|
| CWE-611 | Improper Restriction of XML External Entity Reference ('XXE') | The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | | 7 | 239 | 413 | 245 | 904 |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. | | 9 | 307 | 378 | 189 | 883 |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. | | 35 | 417 | 405 | 6 | 863 |
| CWE-276 | Incorrect Default Permissions | The product, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | | 26 | 304 | 434 | 65 | 829 |
| CWE-401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. | | 19 | 584 | 214 | 1 | 818 |
| CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | | 26 | 317 | 345 | 117 | 805 |
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks. | | 5 | 746 | 36 | 6 | 793 |
| CWE-770 | Allocation of Resources Without Limits or Throttling | The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. | | 3 | 335 | 348 | 10 | 696 |
| CWE-532 | Information Exposure Through Log Files | Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | | 67 | 363 | 160 | 40 | 630 |
| CWE-427 | Uncontrolled Search Path Element | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. | | 0 | 56 | 553 | 19 | 628 |

Low + Medium + High + Critical = Total vulns for every row; the Last 12M values are not present in the extracted text.