Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Enumerable or Guessable User Accounts

Enumerable or guessable user accounts, classified as CWE-203: Observable Discrepancy, is an identity management vulnerability that occurs when it is possible to check for and collect valid login usernames by interacting with the service, without knowledge of the specific account credentials. This vulnerability can occur in web applications and APIs,...

/ Improper Access Control

Improper Access Control ([CWE-284](https://cwe.mitre.org/data/definitions/284.html)) is an IT vulnerability that enables an individual to gain access to unauthorized information or resources. This vulnerability is categorized under Authentication and can be found in Web applications and APIs. The [OWASP Web Security Testing Guide (WSTG)](https://owasp.org/www-project-web-security-testing-guide/latest/) outlines a number of tests that can be...

/ Insecure Direct Object References

Insecure Direct Object References is a type of authentication vulnerability that occurs when a web application or API provides direct access to objects based on user-supplied input. According to the OWASP Testing Guide, an Insecure Direct Object Reference can occur when an application uses an “unvalidated parameter, such as a...

/ Insecure Password Reset

Insecure password reset is a vulnerability (CWE-309) that is found in Identity Management systems. It allows an attacker to reset a user's account password without their knowledge or consent. This type of attack can be performed through web and API interfaces as well as through infrastructure...

/ JWT HMAC Encryption

JWT HMAC Encryption is a type of encryption vulnerability that affects web and Application Programming Interfaces (APIs). According to the Common Weakness Enumeration directory (CWE), JWT HMAC Encryption is a vulnerability that occurs when a software system fails to properly validate digital tokens that are signed with symmetric key cryptographic...

/ Publicly Reported Vulnerabilities

Publicly reported vulnerabilities are security flaws reported by third parties or publicly available sources such as the Common Vulnerabilities and Exposures (CVE) directory. These vulnerabilities can affect Web and API, Infrastructure, and Mobile App systems. They are identified and classified according to the Common Weakness Enumeration (CWE) directory and the...

/ Reflected Cross-Site Scripting

Reflected Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. It occurs when user input is not properly sanitized and is reflected back to the user in the application’s response. This type of attack can be used to inject malicious client-side scripts into a...

/ SQL Injection

SQL Injection (CWE-89) is a type of input validation vulnerability where the attacker submits malicious code to a web application or API through the user interface. This malicious code is then used to execute arbitrary code or modify the application's data. According to the CWE directory, SQL Injection is categorized...

/ Stack Traces

Stack Traces (CWE-209) is an error handling vulnerability that occurs in web and API applications. It is a software defect that exposes the internal state of an application while the application is running. This can allow an attacker to gain access to the application and its...

/ Use of Hard-Coded Credentials

Use of Hard-coded Credentials (CWE-798) is a type of Identity Management vulnerability that occurs when credentials such as passwords, usernames, or keys are hard-coded into applications or services. This type of vulnerability is commonly found in Web and API applications and is listed as one of the CWE Top 25...