Knowledge Base - Issues

Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Guessable User Accounts

Guessable user accounts, is an identity management vulnerability that occurs when user accounts are configured with easily guessable usernames or passwords. This vulnerability can occur in web and API applications, and can be exploited by attackers to gain unauthorized access to resources. According to the OWASP Testing Guide, the easiest...

/ Improper Access Control

Improper Access Control is an IT vulnerability that enables an individual to gain access to unauthorized information or resources. This vulnerability is categorized under Authentication and can be found in Web and API applications. According to the Common Weakness Enumeration (CWE) directory, Improper Access Control is defined as "a weakness...
Insecure Direct Object References is a type of authentication vulnerability that occurs when a web application or API provides direct access to objects based on user-supplied input. According to the OWASP Testing Guide, an Insecure Direct Object Reference can occur when an application uses an “unvalidated parameter, such as a...

/ Insecure Password Reset

Insecure password reset is a vulnerability (CWE-309) that is found in Identity Management systems. It allows an attacker to exploit the system and reset a user's account password without their knowledge or consent. This type of attack can be performed through web and API interfaces as well as through infrastructure...

/ JWT HMAC Encryption

JWT HMAC Encryption is a type of encryption vulnerability that affects web and Application Programming Interfaces (APIs). According to the Common Weakness Enumeration directory (CWE), JWT HMAC Encryption is a vulnerability that occurs when a software system fails to properly validate digital tokens that are signed with symmetric key cryptographic...
Publicly reported vulnerabilities are security flaws reported by third parties or publicly available sources such as the Common Vulnerabilities and Exposures (CVE) directory. These vulnerabilities can affect Web and API, Infrastructure, and Mobile App systems. They are identified and classified according to the Common Weakness Enumeration (CWE) directory and the...
Reflected Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. It occurs when user input is not properly sanitized and is reflected back to the user in the application’s response. This type of attack can be used to inject malicious client-side scripts into a...

/ SQL Injection

SQL Injection (CWE-89) is a type of input validation vulnerability where the attacker submits malicious code to a web application or API through the user interface. This malicious code is then used to execute arbitrary code or modify the application's data. According to the CWE directory, SQL Injection is categorized...

/ Stack Traces

Stack Traces (CWE-209) is a type of error handling vulnerability that occurs in web and API applications. It is a type of software defect that exposes the internal state of an application when the application is running. This can allow an attacker to gain access to the application and its...

/ Use of Hard-Coded Credentials

Use of Hard-coded Credentials (CWE-798) is a type of Identity Management vulnerability that occurs when credentials such as passwords, usernames, or keys are hard-coded into applications or services. This type of vulnerability is commonly found in Web and API applications and is listed as one of the CWE Top 25...
Showing entries 1 to 10 of 10 entries.