CWE-918 – Server-Side Request Forgery (SSRF)
Description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not...
CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters
Description This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for...
CWE-920 – Improper Restriction of Power Consumption
Description The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly...
CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control
Description The software stores sensitive information in a file system or device that does not have built-in access control. Modes of Introduction: - Architecture and...
CWE-922 – Insecure Storage of Sensitive Information
Description The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers...
CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints
Description The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it...
CWE-925 – Improper Verification of Intent by Broadcast Receiver
Description The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source....
CWE-926 – Improper Export of Android Application Components
Description The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access...
CWE-927 – Use of Implicit Intent for Sensitive Communication
Description The Android application uses an implicit intent for transmitting sensitive data to other applications. Modes of Introduction: - Architecture and Design Likelihood of Exploit:...