Information Exposure Through Log Files
Cross-site Scripting (XSS)
Cross-site Scripting (XSS)
Cross-site Scripting (XSS)
Information Exposure
Missing Authorization
Information Exposure Through Log Files
Information Exposure
SQL Injection
Information Exposure
Deserialization of Untrusted Data
Cross-site Scripting (XSS)
Cross-site Scripting (XSS)
XML External Entity (XXE) Injection
Information Exposure
Improper Input Validation
Use of a Broken or Risky Cryptographic Algorithm
Cross-site Scripting (XSS)
Improper Access Control
Missing Required Cryptographic Step
Missing Required Cryptographic Step
Information Exposure
Covert Timing Channel
Incorrect Calculation
Missing Required Cryptographic Step
Missing Required Cryptographic Step
Missing Required Cryptographic Step
Information Exposure
Directory Traversal
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Improper Certificate Validation
Cross-site Scripting (XSS)
SQL Injection
Cleartext Storage of Sensitive Information
Insufficient Verification of Data Authenticity
Deserialization of Untrusted Data
Improper Input Validation
Insecure Temporary File
Insufficiently Protected Credentials
Cross-site Scripting (XSS)
Cross-site Scripting (XSS)
Cross-site Scripting (XSS)
Improper Authorization
Improper Authorization
Cross-site Scripting (XSS)
Information Exposure Through Log Files
Information Exposure
Improper Access Control
Use of Insufficiently Random Values
Incorrect Permission Assignment for Critical Resource
Improper Input Validation
Improper Access Control
Cross-site Scripting (XSS)
Improper Input Validation
Incorrect Permission Assignment for Critical Resource
Race Condition
Insecure Temporary File
Incorrect Permission Assignment for Critical Resource
Cross-site Scripting (XSS)
Cleartext Transmission of Sensitive Information
Incorrect Permission Assignment for Critical Resource
Cleartext Storage of Sensitive Information
Improper Authentication
Information Exposure
Improper Authorization
Cleartext Transmission of Sensitive Information
Improper Certificate Validation
Insufficiently Protected Credentials
Improper Input Validation
Improper Input Validation
Cross-site Scripting (XSS)
Improper Authentication
Cross-site Scripting (XSS)
Information Exposure
Information Exposure
Incorrect Default Permissions
SQL Injection
Improperly Implemented Security Check for Standard
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Missing Authorization
Information Exposure
Improper Validation of Certificate with Host Mismatch
Execution with Unnecessary Privileges
HTTP Request Smuggling
Resource Exhaustion
Out-of-Bounds
Information Exposure
Cross-site Request Forgery (CSRF)
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)
Improper Input Validation
Cross-site Scripting (XSS)
Improper Input Validation
Improper Input Validation
Eval Injection
Directory Traversal
HTTP Response Splitting
Incomplete Blacklist
Reliance on Untrusted Inputs in a Security Decision
Integer Overflow or Wraparound
HTTP Response Splitting
CVE-2018-3258
Covert Timing Channel
Covert Timing Channel
Arbitrary Argument Injection
Out-of-Bounds
Improper Neutralization of Special Elements
Deserialization of Untrusted Data
CVE-2016-6346
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Improper Neutralization of Special Elements
Information Exposure
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Use After Free
Deserialization of Untrusted Data