Tag: top25-cwes
OS command injection from untrusted input
XSS from untrusted input in web outputs
Insecure validation and lack of restrictions enable cross-site request forgery
Unsynchronized concurrent access to shared data
Improper Neutralization of Special Elements used in an SQL Command
User input used unsanitized in outbound requests
Integer overflow from improper input validation in conversions
Dereferencing a nil pointer can lead to unexpected nil pointer exceptions.
XXE vulnerability from XML
Overly permissive file permissions
Code injection from untrusted input
Improper authentication from insufficient identity verification
Stack traces identified within the HTTP response, posing a potential security risk if exposed to users in a production environment.