Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-306 | Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 21 | 298 | 188 | 137 | 644 | |
CWE-668 | Exposure of Resource to Wrong Sphere The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 124 | 400 | 97 | 21 | 642 | |
CWE-770 | Allocation of Resources Without Limits or Throttling The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. | 21 | 317 | 132 | 5 | 475 | |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. | 29 | 321 | 109 | 0 | 459 | |
CWE-532 | Information Exposure Through Log Files Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 164 | 242 | 25 | 4 | 435 | |
CWE-401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. | 48 | 282 | 97 | 0 | 427 | |
CWE-426 | Untrusted Search Path The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. | 6 | 260 | 48 | 113 | 427 | |
CWE-427 | Uncontrolled Search Path Element The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. | 6 | 258 | 127 | 31 | 422 | |
CWE-772 | Missing Release of Resource after Effective Lifetime The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. | 34 | 317 | 45 | 2 | 398 | |
CWE-254 | 7PK - Security Features Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management. | 43 | 275 | 37 | 23 | 378 |