Paid content will be excluded from the download.
Matches : 909
The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
This weakness can be found at CWE-199.
The software does not fully clear previously used information in a data structure, file, or other resource, before making that resource available to a party in another control sphere.
The software uses an API in a manner contrary to its intended use.
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Weaknesses in this category are related to missing or incorrect handling of values that are associated with parameters, fields, or arguments.
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
The software does not handle or incorrectly handles when more values are specified than expected.