Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-191 | Integer Underflow (Wrap or Wraparound): The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. | | 1 | 40 | 100 | 44 | 185 |
CWE-290 | Authentication Bypass by Spoofing: This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. | | 1 | 93 | 51 | 32 | 177 |
CWE-281 | Improper Preservation of Permissions: The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. | | 6 | 52 | 96 | 16 | 170 |
CWE-88 | Argument Injection or Modification: The software constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. | | 1 | 38 | 73 | 49 | 161 |
CWE-1236 | Improper Neutralization of Formula Elements in a CSV File: The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | | 0 | 27 | 106 | 25 | 158 |
CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'): The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. | | 0 | 6 | 92 | 59 | 157 |
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'): When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it. | | 0 | 54 | 69 | 31 | 154 |
CWE-428 | Unquoted Search Path or Element: The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. | | 1 | 33 | 111 | 5 | 150 |
CWE-521 | Weak Password Requirements: The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. | | 2 | 27 | 60 | 57 | 146 |
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere: The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. | | 17 | 47 | 67 | 12 | 143 |