Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-59 | Improper Link Resolution Before File Access ('Link Following'): The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. | | 12 | 200 | 324 | 19 | 555 |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop'): The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. | | 4 | 280 | 262 | 4 | 550 |
CWE-319 | Cleartext Transmission of Sensitive Information: The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | | 13 | 254 | 227 | 44 | 538 |
CWE-668 | Exposure of Resource to Wrong Sphere: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | | 32 | 275 | 184 | 43 | 534 |
CWE-639 | Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. | | 5 | 326 | 142 | 37 | 510 |
CWE-203 | Information Exposure Through Discrepancy: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | | 53 | 362 | 65 | 13 | 493 |
CWE-312 | Cleartext Storage of Sensitive Information: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. | | 15 | 263 | 182 | 16 | 476 |
CWE-415 | Double Free: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. | | 3 | 97 | 278 | 88 | 466 |
CWE-426 | Untrusted Search Path: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. | | 3 | 28 | 389 | 6 | 426 |
CWE-755 | Improper Handling of Exceptional Conditions: The software does not handle or incorrectly handles an exceptional condition. | | 10 | 191 | 199 | 25 | 425 |