Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
---|---|---|---|---|---|---|---|---
CWE-384 | Session Fixation | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | | 14 | 157 | 63 | 28 | 262
CWE-754 | Improper Check for Unusual or Exceptional Conditions | The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software. | | 30 | 155 | 71 | 5 | 261
CWE-613 | Insufficient Session Expiration | According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. | | 29 | 138 | 66 | 25 | 258
CWE-311 | Missing Encryption of Sensitive Data | The software does not encrypt sensitive or critical information before storage or transmission. | | 38 | 144 | 62 | 11 | 255
CWE-665 | Improper Initialization | The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. | | 56 | 112 | 60 | 17 | 245
CWE-330 | Use of Insufficiently Random Values | The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. | | 26 | 132 | 56 | 29 | 243
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. | | 21 | 112 | 97 | 12 | 242
CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. | | 17 | 188 | 13 | 9 | 227
CWE-552 | Files or Directories Accessible to External Parties | The product makes files or directories accessible to unauthorized actors, even though they should not be. | | 19 | 120 | 72 | 8 | 219
CWE-16 | Configuration | Weaknesses in this category are typically introduced during the configuration of the software. | | 20 | 120 | 49 | 28 | 217