Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-347 | Improper Verification of Cryptographic Signature: The software does not verify, or incorrectly verifies, the cryptographic signature for data. | | 12 | 177 | 124 | 23 | 336 |
CWE-345 | Insufficient Verification of Data Authenticity: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. | | 19 | 162 | 84 | 35 | 300 |
CWE-134 | Use of Externally-Controlled Format String: The software uses a function that accepts a format string as an argument, but the format string originates from an external source. | | 9 | 104 | 108 | 68 | 289 |
CWE-129 | Improper Validation of Array Index: The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. | | 6 | 81 | 155 | 44 | 286 |
CWE-121 | Stack-based Buffer Overflow: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). | | 1 | 39 | 131 | 112 | 283 |
CWE-369 | Divide By Zero: The product divides a value by zero. | | 44 | 198 | 36 | 0 | 278 |
CWE-307 | Improper Restriction of Excessive Authentication Attempts: The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. | | 15 | 134 | 68 | 58 | 275 |
CWE-908 | Use of Uninitialized Resource: The software uses or accesses a resource that has not been initialized. | | 33 | 125 | 84 | 31 | 273 |
CWE-209 | Information Exposure Through an Error Message: The software generates an error message that includes sensitive information about its environment, users, or associated data. | | 16 | 220 | 22 | 13 | 271 |
CWE-404 | Improper Resource Shutdown or Release: The program does not release or incorrectly releases a resource before it is made available for re-use. | | 9 | 152 | 99 | 3 | 263 |