CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an...
CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a...
CWE-943 – Improper Neutralization of Special Elements in Data Query Logic
Description: The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize...
CWE-942 – Permissive Cross-domain Policy with Untrusted Domains
Description: The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: Implementation. Likelihood of Exploit: ...
CWE-941 – Incorrectly Specified Destination in a Communication Channel
Description: The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for...
CWE-940 – Improper Verification of Source of a Communication Channel
Description: The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify...
CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-939 – Improper Authorization in Handler for Custom URL Scheme
Description: The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the...
CWE-93 – Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or...
CWE-927 – Use of Implicit Intent for Sensitive Communication
Description: The Android application uses an implicit intent for transmitting sensitive data to other applications. Modes of Introduction: Architecture and Design. Likelihood of Exploit:...