CWE-784 – Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Description: The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the...
CWE-785 – Use of Path Manipulation Function without Maximum-sized Buffer
Description: The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible...
CWE-732 – Incorrect Permission Assignment for Critical Resource
Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When...
CWE-733 – Compiler Optimization Removal or Modification of Security-critical Code
Description: The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified....
CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not...
CWE-749 – Exposed Dangerous Method or Function
Description: The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or...
CWE-75 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Description: The software does not adequately filter user-controlled input for special elements with control implications.
Modes of Introduction: Architecture and Design
Likelihood of Exploit:...
CWE-754 – Improper Check for Unusual or Exceptional Conditions
Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day...
CWE-755 – Improper Handling of Exceptional Conditions
Description: The software does not handle or incorrectly handles an exceptional condition.
Modes of Introduction: Implementation
Likelihood of Exploit: Medium
Related Weaknesses: CWE-703...
CWE-756 – Missing Custom Error Page
Description: The software does not return custom error pages to the user, possibly exposing sensitive information.
Modes of Introduction:
Likelihood of Exploit:
Related Weaknesses...