Categories

CWE NAME LAST 12M LOW MEDIUM HIGH CRITICAL TOTAL VULNS
CWE-770 Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
19 383 254 9 665
CWE-255 Credentials Management
Weaknesses in this category are related to the management of credentials.
109 301 101 153 664
CWE-532 Information Exposure Through Log Files
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
166 366 80 11 623
CWE-401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
42 379 162 0 583
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
6 249 281 36 572
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
73 337 133 26 569
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
20 312 205 2 539
CWE-319 Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
37 326 126 28 517
CWE-312 Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
93 290 100 11 494
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
5 311 115 36 467