Weaknesses
& where it hurts most.
& where it hurts most.
CWEs (Common Weakness Enumerations) are standardized identifiers for software weaknesses that can be exploited by attackers to compromise systems, leak sensitive data, or cause other security issues.
This vulnerability arises when an application fails to properly sanitize user-supplied input, allowing attackers to inject malicious scripts that execute in other users' browsers, potentially stealing data or hijacking sessions.
This vulnerability occurs when untrusted input is incorporated directly into SQL queries without proper sanitization, enabling attackers to manipulate database commands to extract, modify, or delete data.
This vulnerability happens when an application builds system command strings using unsanitized user input, which allows an attacker to execute arbitrary commands on the underlying operating system.
This weakness occurs when an application fails to validate or sanitize incoming data, permitting malformed or malicious input to trigger unintended behavior or security breaches.
This vulnerability arises when an application inadvertently discloses sensitive information to unauthorized users due to inadequate data protection or improper handling of outputs.
This vulnerability occurs when an application does not properly sanitize file path inputs, allowing attackers to manipulate paths and access files or directories outside the permitted directory structure.
This vulnerability exploits a user's authenticated session by tricking their browser into sending unintended requests to a web application, as the application fails to verify that the request is genuine.
This vulnerability occurs when an application does not adequately validate or restrict the types of files that can be uploaded, enabling attackers to upload and execute malicious files on the server.
This vulnerability occurs when an application constructs code or command sequences from untrusted input without proper sanitization, allowing an attacker to inject and execute arbitrary code that can compromise the system.
This vulnerability happens when an application deserializes data from an untrusted source, allowing attackers to manipulate the deserialization process to execute arbitrary code or cause other harmful behaviors.
This vulnerability arises when an XML parser is configured to process external entity references, enabling attackers to access local files or services, or to cause denial-of-service conditions.
This vulnerability occurs when a system fails to properly verify the identity of a user, allowing attackers to bypass authentication mechanisms and gain unauthorized access.
This vulnerability occurs when an application does not enforce proper access controls on sensitive functions or data, enabling unauthorized users to perform actions or access information they should not.
This weakness arises when sensitive credentials, such as passwords or cryptographic keys, are embedded directly in the source code, making them easily accessible to attackers.
This vulnerability occurs when an application assigns excessive or incorrect privileges to users or processes, increasing the risk that an attacker can misuse these permissions for unauthorized actions.
This vulnerability arises when critical system resources are granted overly permissive access rights, which can allow attackers to access or modify them without proper authorization.
This weakness occurs when an application implements access control mechanisms incorrectly, potentially allowing unauthorized users to gain elevated privileges or access sensitive data.
This vulnerability occurs when a system makes critical security decisions based on data that an attacker can manipulate, thereby undermining the integrity of its security measures.
This vulnerability occurs when an application fails to correctly validate digital certificates during secure communications, leaving it open to man-in-the-middle attacks.
This weakness encompasses various flaws in cryptographic implementations, such as using weak algorithms or poor key management practices, which can compromise data confidentiality and integrity.
This vulnerability occurs when an application uses encryption methods that are too weak or misconfigured, making it easier for attackers to decrypt sensitive information.
This vulnerability happens when an application does not properly limit resource usage, allowing attackers to exhaust system resources such as memory or CPU, which may lead to a denial of service.
This vulnerability arises when a loop is constructed without a valid termination condition, potentially causing the application to become unresponsive and leading to resource exhaustion.
This vulnerability occurs when an application continues to use memory after it has been freed, which can lead to unpredictable behavior, crashes, or even arbitrary code execution by attackers.
This vulnerability happens when an application attempts to access or dereference a null pointer, resulting in crashes or erratic behavior that can be exploited to disrupt service.
This vulnerability occurs when an application attempts to free the same block of memory more than once, potentially corrupting memory and enabling attackers to execute arbitrary code.
This vulnerability happens when an application writes data beyond the boundaries of a fixed-size buffer, overwriting adjacent memory and possibly enabling arbitrary code execution.
This vulnerability occurs when arithmetic operations exceed the maximum value an integer can store, causing the value to wrap around unexpectedly and potentially leading to buffer overflows or logic errors.
This vulnerability arises when an application reads data beyond the boundaries of allocated memory, potentially exposing sensitive information or causing application instability.
This vulnerability occurs when files or directories containing sensitive information are not properly secured, allowing unauthorized users to access or manipulate them.
This vulnerability happens when an application fails to release memory that is no longer needed, gradually consuming system resources and potentially leading to degraded performance or crashes.
This vulnerability occurs when an application does not properly close or release resources such as files, network connections, or memory, which can lead to resource exhaustion or corruption over time.
This vulnerability arises when an application incorrectly converts values between numeric types, potentially resulting in loss of precision, unexpected behavior, or security vulnerabilities.
This vulnerability occurs when an application's password recovery process is inadequately secured, making it easier for attackers to bypass authentication and gain unauthorized access.
This vulnerability happens when multiple processes or threads access shared resources without proper synchronization, creating a race condition that attackers can exploit to alter program behavior or access sensitive data.
This vulnerability occurs when an application employs functions known to be insecure or risky, increasing the likelihood that an attacker can exploit them to execute arbitrary actions or compromise the system.
This vulnerability arises when security controls or protective mechanisms fail to operate as intended, thereby allowing attackers to bypass defenses and gain unauthorized access to the system.
This vulnerability occurs when an application stores sensitive data without adequate protection—such as encryption or strict access controls—making it accessible to attackers if the storage is compromised.
This vulnerability arises when a critical or dangerous function is made accessible in an insecure manner, allowing attackers to invoke it directly and potentially compromise system integrity.
This vulnerability occurs when there is a time gap between checking a condition and using the result, allowing an attacker to alter the system state in the interim and exploit the resulting race condition.
This vulnerability happens when an attacker manipulates the prototype objects in JavaScript on the client side, altering the behavior of web applications and potentially enabling further exploitation.
This vulnerability occurs when an application accepts untrusted input to redirect users to different URLs, potentially sending them to malicious sites designed for phishing or malware distribution.
This vulnerability arises when an application fails to enforce authentication for functions or resources that require protection, allowing unauthorized users to access or manipulate sensitive operations.
This vulnerability occurs when an attacker forces a server to make HTTP requests to unintended locations, potentially accessing internal systems or sensitive resources that should remain isolated.
This vulnerability happens when an application downloads code or updates without verifying its integrity, allowing attackers to supply malicious code that, once executed, can compromise the system.
This vulnerability occurs when an application fails to log critical events or monitor system activities adequately, hindering the detection and analysis of security incidents.
This vulnerability occurs when an application writes more data to a fixed-size buffer than it can accommodate, overwriting adjacent memory and potentially enabling an attacker to execute arbitrary code.
This vulnerability arises when cookies that contain sensitive information are transmitted without the 'Secure' attribute, exposing them to interception over unencrypted connections.
This vulnerability occurs when sensitive data is stored or transmitted without proper encryption, leaving it vulnerable to unauthorized access or tampering.
This vulnerability arises when an application fails to correctly encode or escape output data, allowing untrusted input to be rendered directly in a browser and potentially leading to injection attacks such as XSS.