Paid content will be excluded from the download.
Matches : 909
The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
This category includes weaknesses that occur when an application does not properly handle errors that occur during processing.
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
The software does not properly verify that the source of data or communication is valid.
An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.