| ID |
Name |
CVE |
| CWE-693 |
Protection Mechanism Failure |
|
|
22 |
| CWE-93 |
Improper Neutralization of CRLF Sequences ('CRLF Injection') |
|
|
21 |
| CWE-613 |
Insufficient Session Expiration |
|
|
18 |
| CWE-358 |
Improperly Implemented Security Check for Standard |
|
|
18 |
| CWE-113 |
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
|
|
18 |
| CWE-444 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
|
|
14 |
| CWE-338 |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
|
|
14 |
| CWE-91 |
XML Injection (aka Blind XPath Injection) |
|
|
14 |
| CWE-824 |
Access of Uninitialized Pointer |
|
|
13 |
| CWE-361 |
Time and State |
|
|
13 |
| CWE-754 |
Improper Check for Unusual or Exceptional Conditions |
|
|
13 |
| CWE-118 |
Incorrect Access of Indexable Resource ('Range Error') |
|
|
12 |
| CWE-331 |
Insufficient Entropy |
|
|
11 |
| CWE-330 |
Use of Insufficiently Random Values |
|
|
11 |
| CWE-682 |
Incorrect Calculation |
|
|
10 |
| CWE-90 |
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
|
10 |
| CWE-88 |
Argument Injection or Modification |
|
|
10 |
| CWE-172 |
Encoding Error |
|
|
8 |
| CWE-185 |
Incorrect Regular Expression |
|
|
7 |
| CWE-18 |
Source Code |
|
|
6 |
