| Rank | CWE | Description |
| --- | --- | --- |
| 1 | CWE-787: Out-of-bounds Write | This occurs when data is written past the end or before the beginning of the intended buffer, potentially leading to memory corruption or arbitrary code execution. |
| 2 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, leading to session hijacking, defacement, or data theft. |
| 3 | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | This occurs when untrusted input is included in SQL queries without proper sanitization, allowing attackers to manipulate or extract database data. |
| 4 | CWE-416: Use After Free | This occurs when a program continues to use a pointer after the memory it references has been freed, potentially leading to crashes or code execution. |
| 5 | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | This allows attackers to execute arbitrary operating system commands by injecting malicious input into a command string. |
| 6 | CWE-20: Improper Input Validation | This occurs when input data is not properly validated, allowing attackers to submit malicious input that can disrupt the application or exploit other vulnerabilities. |
| 7 | CWE-125: Out-of-bounds Read | This occurs when data is read from memory outside the bounds of the intended buffer, potentially leading to information disclosure or crashes. |
| 8 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | This allows attackers to access files or directories outside the intended directory, potentially leading to unauthorized data access or system compromise. |
| 9 | CWE-352: Cross-Site Request Forgery (CSRF) | This occurs when an attacker forces a user to execute unwanted actions on a web application in which they are authenticated. |
| 10 | CWE-434: Unrestricted Upload of File with Dangerous Type | This allows attackers to upload malicious files to a server, potentially leading to code execution or system compromise. |
| 11 | CWE-862: Missing Authorization | This occurs when an application does not properly enforce access controls, allowing unauthorized users to perform privileged actions. |
| 12 | CWE-476: NULL Pointer Dereference | This occurs when a program dereferences a pointer that is expected to be valid but is actually NULL, leading to crashes or undefined behavior. |
| 13 | CWE-287: Improper Authentication | This occurs when authentication mechanisms are weak or improperly implemented, allowing attackers to bypass authentication or impersonate users. |