Knowledge Base - Issues

Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Cross Site Scripting (DOM-Based)

Cross Site Scripting (DOM-Based) is a type of client-side vulnerability that is listed in the CWE Top 25 (2022) and is classified as CWE-79. It is a type of injection attack that allows an attacker to execute malicious JavaScript on a web page or in an API. The attacker...

/ Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is an attack vector that exploits the trust a website has for a user. It is a type of attack classified as a client-side attack, where an attacker can send malicious requests in the name of the target user without their knowledge. According to Common Weakness...

/ File Path Traversal

File path traversal is a type of input validation vulnerability that is categorized under the CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) in the CWE Top 25 (2022). This vulnerability occurs when an application receives input from an external source, such as a user, and does not...

/ Improper Authentication

Improper Authentication is a vulnerability category in the CWE Top 25 (2022) and is defined as "failure to properly authenticate users, resulting in the ability to access unauthorized resources" (CWE, n.d.). This vulnerability typically occurs in web and API applications. According to the OWASP Testing Guide, there are two main...

/ Improper Control of Generation of Code

Improper Control of Generation of Code (CWE-20) is a type of input validation vulnerability that occurs when an application generates code that is not sufficiently controlled. This type of vulnerability is often seen in web and API applications and is listed in the CWE Top 25 list of the most...

/ Improper Restriction of Operations within the Bounds of a Memory Buffer

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) is a type of Authorization vulnerability that occurs when a program does not properly limit operations within the bounds of a memory buffer. This can lead to a situation where the program reads from or writes to memory...

/ Incorrect Default Permissions

Incorrect Default Permissions is a type of authorization vulnerability, in which certain files or directories are given permissions that are too broad or are granted to a wider set of users than is necessary. This type of vulnerability may be found in web and API applications, and is listed as...

/ Missing Authentication for Critical Function

Missing Authentication for Critical Function (CWE-306) is a vulnerability that happens when there is no authentication for critical functions. This vulnerability can occur in web and API applications. According to the Common Weakness Enumeration (CWE), this vulnerability is listed in the CWE Top 25 (2022) and is a subclass of...

/ Missing Authorization

Missing Authorization is an authorization vulnerability that occurs when an application fails to appropriately check if a user has the proper permissions to access a certain resource. This type of vulnerability typically occurs in Web and API applications and is ranked at number 18 in the CWE Top 25 (2022)....

/ OS Command Injection

OS command injection (CWE-78) is an injection attack technique used to execute arbitrary system commands on a vulnerable web or API application. It occurs when a user is able to inject malicious code into an input field of a web application or API in order to execute system commands on...

/ Out-Of-Bounds Read

Out-of-bounds Read, also known as Out-of-bounds Read Access, is a type of authorization vulnerability that occurs when an application reads data outside the bounds of a buffer. This is a common vulnerability, and is cataloged in the CWE directory as CWE-126. According to OWASP, it is one of the most...

/ Out-Of-Bounds Write

Out-of-bounds Write (CWE-787) is an authorization vulnerability that occurs when a program writes data past the end of the intended buffer. It is listed in the CWE Top 25 (2022), and is commonly found in Web and API applications. According to the OWASP Testing Guide, this type of vulnerability can...

/ Race Condition

Race Condition is a type of IT vulnerability that occurs when two or more processes are reading and writing the same shared data concurrently, and the outcome of the execution depends on the particular order of execution of those processes. It is categorized in the CWE Top 25 (2022) as...

/ Reflected Cross-Site Scripting

Reflected Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. It occurs when user input is not properly sanitized and is reflected back to the user in the application’s response. This type of attack can be used to inject malicious client-side scripts into a...

/ Server-Side Request Forgery

Server-Side Request Forgery (SSRF) is a type of input validation vulnerability that occurs when an attacker is able to manipulate a request from a vulnerable server-side application to access resources that are not intended to be accessed by the attacker, such as internal services and files. This vulnerability is classified...

/ SQL Injection

SQL Injection (CWE-89) is a type of input validation vulnerability where the attacker submits malicious code to a web application or API through the user interface. This malicious code is then used to execute arbitrary code or modify the application's data. According to the CWE directory, SQL Injection is categorized...

/ Stored Cross Site Scripting

Stored Cross Site Scripting (XSS) is a type of Client-Side Vulnerability and is listed as one of the top 25 most dangerous software errors in the Common Weakness Enumeration (CWE) directory. It is classified as CWE-79 and is listed as an Injection vulnerability. Stored XSS occurs when an application stores...

/ Uncontrolled Resource Consumption

Uncontrolled Resource Consumption (CWE-399) is a vulnerability that occurs when a system or application fails to properly manage resources such as memory, CPU capacity, disk space, or network bandwidth. It can be caused by an attacker attempting to exhaust system resources and can result in denial of service (DoS) or...

/ Upload of Malicious Files

The application allows the attacker to upload or transfer malicious files that can be automatically processed within the product's environment. The application should be able to fend off bogus and malicious files in a way that keeps the application and its users safe.

# Risk

An attacker could be able to upload executable code...

/ Use After Free

Use After Free (UAF) is a type of software bug related to dynamic memory allocation and deallocation. It occurs when a program attempts to access a memory address which has already been freed, causing a segmentation fault or other system failure. UAF vulnerabilities are listed in the CWE Top 25...

/ Use of Hard-Coded Credentials

Use of Hard-coded Credentials (CWE-798) is a type of Identity Management vulnerability that occurs when credentials such as passwords, usernames, or keys are hard-coded into applications or services. This type of vulnerability is commonly found in Web and API applications and is listed as one of the CWE Top 25...

/ XML External Entity Injection

XML external entity injection (XXE) is a type of computer security vulnerability typically found in web applications that parse XML input. This can allow an attacker to gain access to sensitive data, perform denial of service attacks, port scanning, and even server-side request forgery (SSRF). The vulnerability is categorized by...