Paid content will be excluded from the download.
Matches : 909
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.
The code has features that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained.
The software does not enforce or incorrectly enforces that structured messages or data are well-formed before being read from an upstream component or sent to a downstream component.
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
The software specifies a regular expression in a way that causes data to be improperly matched or compared.
Weaknesses in this category are organized based on which phase they are introduced during the software development and deployment process.
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.