| Improper Validation of Integrity Check Value | |
| Plaintext Storage of a Password | |
| Improper Output Neutralization for Logs | |
| Improper Output Neutralization for Logs | |
| Improper Access Control | |
| Protection Mechanism Failure | |
| Protection Mechanism Failure | |
| Stack-based Buffer Overflow | |
| Stack-based Buffer Overflow | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Improper Input Validation | |
| Trust Boundary Violation | |
| Directory Traversal | |
| Arbitrary Argument Injection | |
| Stack-based Buffer Overflow | |
| Insufficient Entropy | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| CVE-2023-40339 | |
| CVE-2023-40339 | |
| Information Exposure | |
| Information Exposure | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Open Redirect | |
| Open Redirect | |
| Session Fixation | |
| Session Fixation | |
| Improper Certificate Validation | |
| Improper Certificate Validation | |
| Missing Authorization | |
| Missing Authorization | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| CVE-2023-32261 | |
| CVE-2023-32261 | |
| Incorrect Permission Assignment for Critical Resource | |
| Incorrect Permission Assignment for Critical Resource | |
| CVE-2023-32262 | |
| CVE-2023-32262 | |
| Missing Authorization | |
| Missing Authorization | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Files or Directories Accessible to External Parties | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Cross-site Scripting (XSS) | |
| Uncontrolled Recursion | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Uncontrolled Recursion | |
| Uncontrolled Recursion | |
| Resource Exhaustion | |
| Information Exposure | |
| Incorrect Regular Expression | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Authentication Bypass by Primary Weakness | |
| Incomplete Blacklist | |
| Cross-site Request Forgery (CSRF) | |
| Improper Input Validation | |
| Cross-site Request Forgery (CSRF) | |
| Improper Authentication | |
| Cross-site Scripting (XSS) | |
| Improper Authentication | |
| Improper Authorization | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Deserialization of Untrusted Data | |
| Incorrect Type Conversion or Cast | |
| Cross-site Request Forgery (CSRF) | |
| Information Exposure | |
| Session Fixation | |
| Improper Input Validation | |
| Resource Exhaustion | |
| Static Code Injection | |
| Incorrect Type Conversion or Cast | |
| Information Exposure | |
| Static Code Injection | |
| Cross-site Scripting (XSS) | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Static Code Injection | |
| Improper Authentication | |
| Static Code Injection | |
| Static Code Injection | |
| Session Fixation | |
| Session Fixation | |
| Improper Input Validation | |
| Cross-site Scripting (XSS) | |
| Static Code Injection | |
| Static Code Injection | |
| Improper Authentication | |
| Improper Input Validation | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Directory Traversal | |
| Cross-site Scripting (XSS) | |
| Reversible One-Way Hash | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Improper Input Validation | |
| Protection Mechanism Failure | |
| Information Exposure | |
| Information Exposure | |
| Inappropriate Encoding for Output Context | |
| Cross-site Scripting (XSS) | |
| Protection Mechanism Failure | |
| Protection Mechanism Failure | |
| Protection Mechanism Failure | |
| Protection Mechanism Failure | |
| Inappropriate Encoding for Output Context | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| Protection Mechanism Failure | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Directory Traversal | |
| Directory Traversal | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Key Exchange without Entity Authentication | |
| Key Exchange without Entity Authentication | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Interaction Error | |
| Interaction Error | |
| Files or Directories Accessible to External Parties | |
| Files or Directories Accessible to External Parties | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Files or Directories Accessible to External Parties | |
| Files or Directories Accessible to External Parties | |
| Cross-site Scripting (XSS) | |
| Link Following | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Incorrect Behavior Order: Early Validation | |
| Incorrect Behavior Order: Early Validation | |
| Race Condition | |
| Race Condition | |
| Link Following | |
| Link Following | |
| Incorrect Behavior Order: Early Validation | |
| OS Command Injection | |
| Information Exposure | |
| Insufficiently Protected Credentials | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Scripting (XSS) | |
| Missing Authorization | |
| Missing Authorization | |
| Link Following | |
| Incorrect Permission Assignment for Critical Resource | |
| Incorrect Permission Assignment for Critical Resource | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Information Exposure | |
| Information Exposure | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| OS Command Injection | |
| OS Command Injection | |
| OS Command Injection | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Missing Authorization | |
| Missing Authorization | |
| Deserialization of Untrusted Data | |
| Cross-site Request Forgery (CSRF) | |
| Directory Traversal | |
| Directory Traversal | |
| Directory Traversal | |
| Information Exposure | |
| Improper Verification of Cryptographic Signature | |
| Improper Verification of Cryptographic Signature | |
| Incorrect Default Permissions | |
| Link Following | |
| Incorrect Default Permissions | |
| Link Following | |
| Directory Traversal | |
| Incorrect Authorization | |
| Incorrect Default Permissions | |
| Directory Traversal | |
| Cross-site Scripting (XSS) | |
| Improper Preservation of Permissions | |
| Incorrect Default Permissions | |
| Improper Preservation of Permissions | |
| Improper Preservation of Permissions | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Improper Input Validation | |
| Improper Check for Dropped Privileges | |
| Link Following | |
| Cross-site Scripting (XSS) | |
| Incorrect Authorization | |
| Cross-site Scripting (XSS) | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Input Validation | |
| Improper Preservation of Permissions | |
| Improper Preservation of Permissions | |
| Cross-site Scripting (XSS) | |
| Deserialization of Untrusted Data | |
| Cross-site Scripting (XSS) | |
| Link Following | |
| Cross-site Scripting (XSS) | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Improper Validation of Certificate with Host Mismatch | |
| Improper Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Missing Authorization | |
| Directory Traversal | |
| Covert Timing Channel | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Static Code Injection | |
| Static Code Injection | |
| Insufficiently Protected Credentials | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Deserialization of Untrusted Data | |
| Improper Access Control | |
| Improper Access Control | |
| Improper Input Validation | |
| Improper Input Validation | |
| Incorrect Type Conversion or Cast | |
| Incorrect Type Conversion or Cast | |
| Directory Traversal | |
| Deserialization of Untrusted Data | |
| CVE-2022-33980 | |
| CVE-2022-33980 | |
| API Abuse | |
| Information Exposure | |
| Information Exposure | |
| Covert Timing Channel | |
| Covert Timing Channel | |
| Insufficient Control of Network Message Volume (Network Amplification) | |
| Authentication Bypass by Primary Weakness | |
| OS Command Injection | |
| OS Command Injection | |
| OS Command Injection | |
| OS Command Injection | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Arbitrary Code Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| Incomplete Blacklist | |
| Incomplete Blacklist | |
| Incomplete Blacklist | |
| Insufficiently Protected Credentials | |
| Insufficiently Protected Credentials | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Truncation of Security-relevant Information | |
| Truncation of Security-relevant Information | |
| Truncation of Security-relevant Information | |
| Truncation of Security-relevant Information | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Information Exposure | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| XML External Entity (XXE) Injection | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Incorrect Authorization | |
| Incorrect Authorization | |
| Incorrect Authorization | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Improper Input Validation | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Arbitrary Code Injection | |
| Improper Input Validation | |
| Improper Certificate Validation | |
| Improper Certificate Validation | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Improper Input Validation | |
| Stack-based Buffer Overflow | |
| Stack-based Buffer Overflow | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Deserialization of Untrusted Data | |
| Resource Exhaustion | |
| Missing Release of Resource after Effective Lifetime | |
| Resource Exhaustion | |
| Out-of-bounds Read | |
| Resource Exhaustion | |
| Out-of-bounds Read | |
| Heap-based Buffer Overflow | |
| Improper Certificate Validation | |
| HTTP Response Splitting | |
| Insecure Temporary File | |
| Cross-site Scripting (XSS) | |
| Information Exposure | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Sensitive Information Uncleared Before Release | |
| Sensitive Information Uncleared Before Release | |
| Insecure Temporary File | |
| Insecure Temporary File | |
| Insecure Temporary File | |
| Out-of-Bounds | |
