CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
126 395 55 15 591
CWE-306 Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
21 265 136 83 505
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
38 317 69 0 424
CWE-426 Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
6 262 27 111 406
CWE-772 Missing Release of Resource after Effective Lifetime
The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
41 315 39 2 397
CWE-254 7PK - Security Features
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
43 280 39 24 386
CWE-532 Information Exposure Through Log Files
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
166 199 4 2 371
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
7 251 60 29 347
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
12 177 112 32 333
CWE-770 Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
21 246 59 3 329