Tag: top25-cwes
An integer overflow might cause security issues when it is used for resource management or execution control.
The use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.
Improper input validation can enable attacks and lead to unwanted behavior.
Weak obfuscation of web requests makes your application vulnerable.
The software allows user input to control or influence paths or file names that are used in file system operations.
Objects that parse or handle XML can lead to XML external entity (XXE) attacks when they are misconfigured.
Insufficient sanitization of potentially untrusted URLs on the server side can allow server requests to unwanted destinations.
Allocated resources are not released properly.
Insecure configuration can lead to a cross-site request forgery (CRSF) vulnerability.
Deserialization of untrusted objects can lead to security vulnerabilities such as, inadvertently running remote code.
Scripts generated from unsanitized inputs can lead to malicious behavior and inadvertently running code remotely.
Exposure of sensitive information can lead to an unauthorized actor having access to the information.
Weak file permissions can lead to privilege escalation.
Constructing operating system or shell commands with unsanitized user input can lead to inadvertently running malicious code.
User input can be vulnerable to injection attacks.
Creating file paths from untrusted input might give a malicious actor access to sensitive files.
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
User-controlled input that specifies a link to an external site could lead to phishing attacks and allow user credentials to be stolen.