Tag: top25-cwes

OS Command Injection

OS command injection from untrusted input

Cross Site Scripting (XSS)

XSS from untrusted input in web outputs

Cross-Site Request Forgery (CSRF)

Insecure validation and lack of restrictions enable cross-site request forgery

Thread Safety Violation

Unsynchronized concurrent access to shared data

SQL Injection

Improper Neutralization of Special Elements used in an SQL Command

Server Side Request Forgery (SSRF)

User input used unsanitized in outbound requests

Integer Overflow

Integer overflow from improper input validation in conversions

Nil Pointer Dereference

Dereferencing a nil pointer can lead to unexpected nil-pointer exceptions.

XML External Entity

XXE vulnerability from XML

Insecure File Permissions

Overly permissive file permissions

Code Injection

Code injection from untrusted input

Improper authentication

Improper authentication from insufficient identity verification

Write Pprof Profile Output

Stack traces were identified within an HTTP response, which poses a potential security risk if the application is deployed in a user-facing manner in a production environment.