CWE-820 – Missing Synchronization
Description The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a...
CWE-82 – Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Description The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can...
CWE-807 – Reliance on Untrusted Inputs in a Security Decision
Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an...
CWE-806 – Buffer Access Using Size of Source Buffer
Description The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access...
CWE-805 – Buffer Access with Incorrect Length Value
Description The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access...
CWE-804 – Guessable CAPTCHA
Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: - Architecture...
CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that...
CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote
Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These...
CWE-799 – Improper Control of Interaction Frequency
Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming...