Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-59 | Improper Link Resolution Before File Access ('Link Following') The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. | 12 | 201 | 326 | 19 | 558 | |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. | 4 | 279 | 262 | 4 | 549 | |
CWE-319 | Cleartext Transmission of Sensitive Information The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 13 | 253 | 227 | 44 | 537 | |
CWE-668 | Exposure of Resource to Wrong Sphere The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 32 | 274 | 184 | 43 | 533 | |
CWE-639 | Authorization Bypass Through User-Controlled Key The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. | 5 | 325 | 141 | 37 | 508 | |
CWE-203 | Information Exposure Through Discrepancy The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | 53 | 362 | 65 | 13 | 493 | |
CWE-312 | Cleartext Storage of Sensitive Information The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. | 15 | 262 | 182 | 16 | 475 | |
CWE-415 | Double Free The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. | 3 | 97 | 279 | 89 | 468 | |
CWE-755 | Improper Handling of Exceptional Conditions The software does not handle or incorrectly handles an exceptional condition. | 10 | 190 | 199 | 25 | 424 | |
CWE-426 | Untrusted Search Path The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. | 3 | 28 | 386 | 6 | 423 |