| CWE | Name | Count |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 533 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 356 |
| CWE-862 | Missing Authorization | 279 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 230 |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 225 |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | 194 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 183 |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | 178 |
| CWE-863 | Incorrect Authorization | 170 |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 169 |
| CWE-284 | Improper Access Control | 140 |
| CWE-639 | Authorization Bypass Through User-Controlled Key | 138 |
| CWE-122 | Heap-based Buffer Overflow | 132 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 132 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 124 |
| CWE-20 | Improper Input Validation | 118 |
| CWE-770 | Allocation of Resources Without Limits or Throttling | 116 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 110 |
| CWE-416 | Use After Free | 109 |
| CWE-125 | Out-of-bounds Read | 104 |
| CWE-121 | Stack-based Buffer Overflow | 102 |
| CWE-400 | Uncontrolled Resource Consumption | 90 |
| CWE-287 | Improper Authentication | 85 |
| CWE-476 | NULL Pointer Dereference | 82 |
| CWE-404 | Improper Resource Shutdown or Release | 80 |
| CWE-190 | Integer Overflow or Wraparound | 77 |
| CWE-787 | Out-of-bounds Write | 72 |
| CWE-306 | Missing Authentication for Critical Function | 72 |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 68 |
| CWE-295 | Improper Certificate Validation | 64 |
| CWE-502 | Deserialization of Untrusted Data | 60 |
| CWE-269 | Improper Privilege Management | 60 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 52 |
| CWE-285 | Improper Authorization | 52 |
| CWE-266 | Incorrect Privilege Assignment | 51 |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | 48 |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 43 |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | 42 |
| CWE-73 | External Control of File Name or Path | 40 |
| CWE-693 | Protection Mechanism Failure | 40 |
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | 39 |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | 38 |
| CWE-789 | Memory Allocation with Excessive Size Value | 36 |
| CWE-345 | Insufficient Verification of Data Authenticity | 35 |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | 32 |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | 32 |
| CWE-798 | Use of Hard-coded Credentials | 31 |
| CWE-674 | Uncontrolled Recursion | 29 |
| CWE-346 | Origin Validation Error | 29 |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 28 |
| CWE-1284 | Improper Validation of Specified Quantity in Input | 27 |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | 26 |
| CWE-532 | Insertion of Sensitive Information into Log File | 25 |
| CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | 25 |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | 23 |
| CWE-347 | Improper Verification of Cryptographic Signature | 23 |
| CWE-23 | Relative Path Traversal | 23 |
| CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 23 |
| CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | 22 |
| CWE-290 | Authentication Bypass by Spoofing | 21 |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 20 |
| CWE-522 | Insufficiently Protected Credentials | 20 |
| CWE-427 | Uncontrolled Search Path Element | 20 |
| CWE-415 | Double Free | 20 |
| CWE-407 | Inefficient Algorithmic Complexity | 19 |
| CWE-209 | Generation of Error Message Containing Sensitive Information | 19 |
| CWE-184 | Incomplete List of Disallowed Inputs | 19 |
| CWE-1188 | Initialization of a Resource with an Insecure Default | 19 |
| CWE-91 | XML Injection (aka Blind XPath Injection) | 18 |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 18 |
| CWE-307 | Improper Restriction of Excessive Authentication Attempts | 18 |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 17 |
| CWE-668 | Exposure of Resource to Wrong Sphere | 17 |
| CWE-436 | Interpretation Conflict | 17 |
| CWE-250 | Execution with Unnecessary Privileges | 17 |
| CWE-193 | Off-by-one Error | 17 |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | 16 |
| CWE-613 | Insufficient Session Expiration | 16 |
| CWE-312 | Cleartext Storage of Sensitive Information | 16 |
| CWE-280 | Improper Handling of Insufficient Permissions or Privileges | 16 |
| CWE-617 | Reachable Assertion | 15 |
| CWE-208 | Observable Timing Discrepancy | 15 |
| CWE-611 | Improper Restriction of XML External Entity Reference | 14 |
| CWE-276 | Incorrect Default Permissions | 14 |
| CWE-170 | Improper Null Termination | 14 |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | 13 |
| CWE-552 | Files or Directories Accessible to External Parties | 13 |
| CWE-475 | Undefined Behavior for Input to API | 13 |
| CWE-248 | Uncaught Exception | 13 |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | 13 |
| CWE-130 | Improper Handling of Length Parameter Inconsistency | 13 |
| CWE-1275 | Sensitive Cookie with Improper SameSite Attribute | 13 |
| CWE-116 | Improper Encoding or Escaping of Output | 13 |
| CWE-908 | Use of Uninitialized Resource | 12 |
| CWE-426 | Untrusted Search Path | 12 |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | 12 |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | 12 |
| CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | 11 |
| CWE-841 | Improper Enforcement of Behavioral Workflow | 11 |
| CWE-749 | Exposed Dangerous Method or Function | 11 |
| CWE-672 | Operation on a Resource after Expiration or Release | 11 |
| CWE-636 | Not Failing Securely ('Failing Open') | 11 |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information | 11 |
| CWE-319 | Cleartext Transmission of Sensitive Information | 11 |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | 11 |
| CWE-201 | Insertion of Sensitive Information Into Sent Data | 11 |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | 11 |
| CWE-126 | Buffer Over-read | 11 |
| CWE-822 | Untrusted Pointer Dereference | 10 |
| CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | 10 |
| CWE-36 | Absolute Path Traversal | 10 |
| CWE-35 | Path Traversal: '.../...//' | 10 |
| CWE-321 | Use of Hard-coded Cryptographic Key | 10 |
| CWE-942 | Permissive Cross-domain Security Policy with Untrusted Domains | 9 |
| CWE-669 | Incorrect Resource Transfer Between Spheres | 9 |
| CWE-61 | UNIX Symbolic Link (Symlink) Following | 9 |
| CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | 9 |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | 9 |
| CWE-305 | Authentication Bypass by Primary Weakness | 9 |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | 8 |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | 8 |
| CWE-696 | Incorrect Behavior Order | 8 |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 8 |
| CWE-428 | Unquoted Search Path or Element | 8 |
| CWE-384 | Session Fixation | 8 |
| CWE-358 | Improperly Implemented Security Check for Standard | 8 |
| CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 8 |
| CWE-303 | Incorrect Implementation of Authentication Algorithm | 8 |
| CWE-281 | Improper Preservation of Permissions | 8 |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences | 8 |
| CWE-1333 | Inefficient Regular Expression Complexity | 8 |
| CWE-755 | Improper Handling of Exceptional Conditions | 7 |
| CWE-506 | Embedded Malicious Code | 7 |
| CWE-393 | Return of Wrong Status Code | 7 |
| CWE-331 | Insufficient Entropy | 7 |
| CWE-204 | Observable Response Discrepancy | 7 |
| CWE-197 | Numeric Truncation Error | 7 |
| CWE-178 | Improper Handling of Case Sensitivity | 7 |
| CWE-1392 | Use of Default Credentials | 7 |
| CWE-1390 | Weak Authentication | 7 |
| CWE-1286 | Improper Validation of Syntactic Correctness of Input | 7 |
| CWE-824 | Access of Uninitialized Pointer | 6 |
| CWE-602 | Client-Side Enforcement of Server-Side Security | 6 |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | 6 |
| CWE-440 | Expected Behavior Violation | 6 |
| CWE-401 | Missing Release of Memory after Effective Lifetime | 6 |
| CWE-392 | Missing Report of Error Condition | 6 |
| CWE-385 | Covert Timing Channel | 6 |
| CWE-369 | Divide By Zero | 6 |
| CWE-340 | Generation of Predictable Numbers or Identifiers | 6 |
| CWE-328 | Use of Weak Hash | 6 |
| CWE-296 | Improper Following of a Certificate's Chain of Trust | 6 |
| CWE-271 | Privilege Dropping / Lowering Errors | 6 |
| CWE-242 | Use of Inherently Dangerous Function | 6 |
| CWE-1395 | Dependency on Vulnerable Third-Party Component | 6 |
| CWE-129 | Improper Validation of Array Index | 6 |
| CWE-1287 | Improper Validation of Specified Type of Input | 6 |
| CWE-1220 | Insufficient Granularity of Access Control | 6 |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | 5 |
| CWE-704 | Incorrect Type Conversion or Cast | 5 |
| CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | 5 |
| CWE-603 | Use of Client-Side Authentication | 5 |
| CWE-598 | Use of HTTP Request With Sensitive Query String | 5 |
| CWE-294 | Authentication Bypass by Capture-replay | 5 |
| CWE-252 | Unchecked Return Value | 5 |
| CWE-158 | Improper Neutralization of Null Byte or NUL Character | 5 |
| CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | 5 |
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | 5 |
| CWE-940 | Improper Verification of Source of a Communication Channel | 4 |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision | 4 |
| CWE-791 | Incomplete Filtering of Special Elements | 4 |
| CWE-777 | Regular Expression without Anchors | 4 |
| CWE-772 | Missing Release of Resource after Effective Lifetime | 4 |
| CWE-771 | Missing Reference to Active Allocated Resource | 4 |
| CWE-707 | Improper Neutralization | 4 |
| CWE-682 | Incorrect Calculation | 4 |
| CWE-620 | Unverified Password Change | 4 |
| CWE-494 | Download of Code Without Integrity Check | 4 |
| CWE-459 | Incomplete Cleanup | 4 |
| CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | 4 |
| CWE-330 | Use of Insufficiently Random Values | 4 |
| CWE-326 | Inadequate Encryption Strength | 4 |
| CWE-235 | Improper Handling of Extra Parameters | 4 |
| CWE-203 | Observable Discrepancy | 4 |
| CWE-1391 | Use of Weak Credentials | 4 |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | 3 |
| CWE-926 | Improper Export of Android Application Components | 3 |
| CWE-922 | Insecure Storage of Sensitive Information | 3 |
| CWE-916 | Use of Password Hash With Insufficient Computational Effort | 3 |
| CWE-87 | Improper Neutralization of Alternate XSS Syntax | 3 |
| CWE-759 | Use of a One-Way Hash without a Salt | 3 |
| CWE-697 | Incorrect Comparison | 3 |
| CWE-670 | Always-Incorrect Control Flow Implementation | 3 |
| CWE-626 | Null Byte Interaction Error (Poison Null Byte) | 3 |
| CWE-524 | Use of Cache Containing Sensitive Information | 3 |
| CWE-405 | Asymmetric Resource Consumption (Amplification) | 3 |
| CWE-364 | Signal Handler Race Condition | 3 |
| CWE-267 | Privilege Defined With Unsafe Actions | 3 |
| CWE-259 | Use of Hard-coded Password | 3 |
| CWE-183 | Permissive List of Allowed Inputs | 3 |
| CWE-15 | External Control of System or Configuration Setting | 3 |
| CWE-134 | Use of Externally-Controlled Format String | 3 |
| CWE-131 | Incorrect Calculation of Buffer Size | 3 |
| CWE-1289 | Improper Validation of Unsafe Equivalence in Input | 3 |
| CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | 3 |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources | 2 |
| CWE-837 | Improper Enforcement of a Single, Unique Action | 2 |
| CWE-823 | Use of Out-of-range Pointer Offset | 2 |
| CWE-779 | Logging of Excessive Data | 2 |
| CWE-778 | Insufficient Logging | 2 |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference | 2 |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | 2 |
| CWE-648 | Incorrect Use of Privileged APIs | 2 |
| CWE-646 | Reliance on File Name or Extension of Externally-Supplied File | 2 |
| CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | 2 |
| CWE-606 | Unchecked Input for Loop Condition | 2 |
| CWE-565 | Reliance on Cookies without Validation and Integrity Checking | 2 |
| CWE-548 | Exposure of Information Through Directory Listing | 2 |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | 2 |
| CWE-521 | Weak Password Requirements | 2 |
| CWE-489 | Active Debug Code | 2 |
| CWE-488 | Exposure of Data Element to Wrong Session | 2 |
| CWE-472 | External Control of Assumed-Immutable Web Parameter | 2 |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) | 2 |
| CWE-457 | Use of Uninitialized Variable | 2 |
| CWE-420 | Unprotected Alternate Channel | 2 |
| CWE-390 | Detection of Error Condition Without Action | 2 |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | 2 |
| CWE-348 | Use of Less Trusted Source | 2 |
| CWE-322 | Key Exchange without Entity Authentication | 2 |
| CWE-304 | Missing Critical Step in Authentication | 2 |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data | 2 |
| CWE-283 | Unverified Ownership | 2 |
| CWE-277 | Insecure Inherited Permissions | 2 |
| CWE-256 | Plaintext Storage of a Password | 2 |
| CWE-253 | Incorrect Check of Function Return Value | 2 |
| CWE-24 | Path Traversal: '../filedir' | 2 |
| CWE-233 | Improper Handling of Parameters | 2 |
| CWE-192 | Integer Coercion Error | 2 |
| CWE-185 | Incorrect Regular Expression | 2 |
| CWE-1427 | Improper Neutralization of Input Used for LLM Prompting | 2 |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | 2 |
| CWE-138 | Improper Neutralization of Special Elements | 2 |
| CWE-1329 | Reliance on Component That is Not Updateable | 2 |
| CWE-1327 | Binding to an Unrestricted IP Address | 2 |
| CWE-1285 | Improper Validation of Specified Index, Position, or Offset in Input | 2 |
| CWE-1241 | Use of Predictable Algorithm in Random Number Generator | 2 |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | 2 |
| CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | 2 |
| CWE-939 | Improper Authorization in Handler for Custom URL Scheme | 1 |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | 1 |
| CWE-912 | Hidden Functionality | 1 |
| CWE-839 | Numeric Range Comparison Without Minimum Check | 1 |
| CWE-834 | Excessive Iteration | 1 |
| CWE-833 | Deadlock | 1 |
| CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | 1 |
| CWE-825 | Expired Pointer Dereference | 1 |
| CWE-820 | Missing Synchronization | 1 |
| CWE-805 | Buffer Access with Incorrect Length Value | 1 |
| CWE-799 | Improper Control of Interaction Frequency | 1 |
| CWE-790 | Improper Filtering of Special Elements | 1 |
| CWE-784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | 1 |
| CWE-782 | Exposed IOCTL with Insufficient Access Control | 1 |
| CWE-776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | 1 |
| CWE-763 | Release of Invalid Pointer or Reference | 1 |
| CWE-760 | Use of a One-Way Hash with a Predictable Salt | 1 |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | 1 |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | 1 |
| CWE-684 | Incorrect Provision of Specified Functionality | 1 |
| CWE-681 | Incorrect Conversion between Numeric Types | 1 |
| CWE-680 | Integer Overflow to Buffer Overflow | 1 |
| CWE-676 | Use of Potentially Dangerous Function | 1 |
| CWE-667 | Improper Locking | 1 |
| CWE-665 | Improper Initialization | 1 |
| CWE-656 | Reliance on Security Through Obscurity | 1 |
| CWE-653 | Improper Isolation or Compartmentalization | 1 |
| CWE-650 | Trusting HTTP Permission Methods on the Server Side | 1 |
| CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | 1 |
| CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | 1 |
| CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | 1 |
| CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | 1 |
| CWE-592 | DEPRECATED: Authentication Bypass Issues | 1 |
| CWE-590 | Free of Memory not on the Heap | 1 |
| CWE-573 | Improper Following of Specification by Caller | 1 |
| CWE-561 | Dead Code | 1 |
| CWE-549 | Missing Password Field Masking | 1 |
| CWE-540 | Inclusion of Sensitive Information in Source Code | 1 |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information | 1 |
| CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere | 1 |
| CWE-526 | Cleartext Storage of Sensitive Information in an Environment Variable | 1 |
| CWE-523 | Unprotected Transport of Credentials | 1 |
| CWE-484 | Omitted Break Statement in Switch | 1 |
| CWE-479 | Signal Handler Use of a Non-reentrant Function | 1 |
| CWE-460 | Improper Cleanup on Thrown Exception | 1 |
| CWE-443 | DEPRECATED: HTTP response splitting | 1 |
| CWE-425 | Direct Request ('Forced Browsing') | 1 |
| CWE-424 | Improper Protection of Alternate Path | 1 |
| CWE-413 | Improper Resource Locking | 1 |
| CWE-410 | Insufficient Resource Pool | 1 |
| CWE-408 | Incorrect Behavior Order: Early Amplification | 1 |
| CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | 1 |
| CWE-379 | Creation of Temporary File in Directory with Insecure Permissions | 1 |
| CWE-378 | Creation of Temporary File With Insecure Permissions | 1 |
| CWE-357 | Insufficient UI Warning of Dangerous Operations | 1 |
| CWE-354 | Improper Validation of Integrity Check Value | 1 |
| CWE-353 | Missing Support for Integrity Check | 1 |
| CWE-351 | Insufficient Type Distinction | 1 |
| CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | 1 |
| CWE-344 | Use of Invariant Value in Dynamically Changing Context | 1 |
| CWE-341 | Predictable from Observable State | 1 |
| CWE-334 | Small Space of Random Values | 1 |
| CWE-332 | Insufficient Entropy in PRNG | 1 |
| CWE-329 | Generation of Predictable IV with CBC Mode | 1 |
| CWE-323 | Reusing a Nonce, Key Pair in Encryption | 1 |
| CWE-316 | Cleartext Storage of Sensitive Information in Memory | 1 |
| CWE-313 | Cleartext Storage in a File or on Disk | 1 |
| CWE-29 | Path Traversal: '\..\filename' | 1 |
| CWE-289 | Authentication Bypass by Alternate Name | 1 |
| CWE-282 | Improper Ownership Management | 1 |
| CWE-274 | Improper Handling of Insufficient Privileges | 1 |
| CWE-273 | Improper Check for Dropped Privileges | 1 |
| CWE-272 | Least Privilege Violation | 1 |
| CWE-270 | Privilege Context Switching Error | 1 |
| CWE-261 | Weak Encoding for Password | 1 |
| CWE-26 | Path Traversal: '/dir/../filename' | 1 |
| CWE-228 | Improper Handling of Syntactically Invalid Structure | 1 |
| CWE-202 | Exposure of Sensitive Information Through Data Queries | 1 |
| CWE-195 | Signed to Unsigned Conversion Error | 1 |
| CWE-187 | Partial String Comparison | 1 |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | 1 |
| CWE-176 | Improper Handling of Unicode Encoding | 1 |
| CWE-172 | Encoding Error | 1 |
| CWE-166 | Improper Handling of Missing Special Element | 1 |
| CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | 1 |
| CWE-1393 | Use of Default Password | 1 |
| CWE-1386 | Insecure Operation on Windows Junction / Mount Point | 1 |
| CWE-1385 | Missing Origin Validation in WebSockets | 1 |
| CWE-1325 | Improperly Controlled Sequential Memory Allocation | 1 |
| CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context | 1 |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | 1 |
| CWE-1300 | Improper Protection of Physical Side Channels | 1 |
| CWE-1288 | Improper Validation of Consistency within Input | 1 |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | 1 |
| CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | 1 |
| CWE-1263 | Improper Physical Access Control | 1 |
| CWE-1240 | Use of a Cryptographic Primitive with a Risky Implementation | 1 |
| CWE-1230 | Exposure of Sensitive Information Through Metadata | 1 |
| CWE-1104 | Use of Unmaintained Third Party Components | 1 |
| CWE-1072 | Data Resource Access without Use of Connection Pooling | 1 |
| CWE-1068 | Inconsistency Between Implementation and Documented Design | 1 |
| CWE-1066 | Missing Serialization Control Element | 1 |
| CWE-1004 | Sensitive Cookie Without 'HttpOnly' Flag | 1 |