Categories

| CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|---|
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. | | 4 | 131 | 108 | 39 | 282 |
| CWE-347 | Improper Verification of Cryptographic Signature | The software does not verify, or incorrectly verifies, the cryptographic signature for data. | | 15 | 181 | 69 | 16 | 281 |
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. | | 6 | 87 | 124 | 42 | 259 |
| CWE-369 | Divide By Zero | The product divides a value by zero. | | 45 | 185 | 13 | 0 | 243 |
| CWE-384 | Session Fixation | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | | 14 | 162 | 45 | 16 | 237 |
| CWE-345 | Insufficient Verification of Data Authenticity | The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. | | 19 | 143 | 53 | 22 | 237 |
| CWE-16 | Configuration | Weaknesses in this category are typically introduced during the configuration of the software. | | 20 | 132 | 50 | 28 | 230 |
| CWE-613 | Insufficient Session Expiration | According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. | | 24 | 134 | 49 | 14 | 221 |
| CWE-908 | Use of Uninitialized Resource | The software uses or accesses a resource that has not been initialized. | | 33 | 104 | 59 | 24 | 220 |
| CWE-19 | Data Processing Errors | Weaknesses in this category are typically found in functionality that processes data. | | 7 | 128 | 48 | 35 | 218 |