Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-704 | Incorrect Type Conversion or Cast: The software does not correctly convert an object, resource, or structure from one type to a different type. | | 2 | 126 | 63 | 24 | 215 |
CWE-19 | Data Processing Errors: Weaknesses in this category are typically found in functionality that processes data. | | 7 | 112 | 52 | 35 | 206 |
CWE-674 | Uncontrolled Recursion: The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack. | | 6 | 122 | 77 | 1 | 206 |
CWE-346 | Origin Validation Error: The software does not properly verify that the source of data or communication is valid. | | 6 | 134 | 47 | 17 | 204 |
CWE-122 | Heap-based Buffer Overflow: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). | | 3 | 52 | 114 | 21 | 190 |
CWE-116 | Improper Encoding or Escaping of Output: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. | | 5 | 107 | 47 | 23 | 182 |
CWE-1236 | Improper Neutralization of Formula Elements in a CSV File: The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | | 2 | 75 | 72 | 33 | 182 |
CWE-290 | Authentication Bypass by Spoofing: This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. | | 9 | 101 | 45 | 25 | 180 |
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'): When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it. | | 3 | 94 | 56 | 26 | 179 |
CWE-191 | Integer Underflow (Wrap or Wraparound): The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. | | 6 | 62 | 78 | 28 | 174 |