CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an...
CWE-806 – Buffer Access Using Size of Source Buffer
Description The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access...
CWE-805 – Buffer Access with Incorrect Length Value
Description The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access...
CWE-804 – Guessable CAPTCHA
Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: - Architecture...
CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that...
CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote
Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These...
CWE-799 – Improper Control of Interaction Frequency
Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming...
CWE-798 – Use of Hard-coded Credentials
Description The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...
CWE-797 – Only Filtering Special Elements at an Absolute Position
Description The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing...
CWE-796 – Only Filtering Special Elements Relative to a Marker
Description The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of...