The ultimate knowledge base for exploits

Any

.NET Misconfiguration: Use of...

Absolute Path Traversal

Acceptance of Extraneous Untru...

Access of Memory Location Afte...

Access of Memory Location Befo...

Access of Resource Using Incom...

Access of Uninitialized Pointe...

Access to Critical Private Var...

Active Debug Code

Addition of Data Structure Sen...

Allocation of File Descriptors...

Allocation of Resources Withou...

Always-Incorrect Control Flow...

Application-Level Admin Tool w...

Architecture with Number of Ho...

Array Declared Public, Final,...

ASP.NET Misconfiguration: Crea...

ASP.NET Misconfiguration: Impr...

ASP.NET Misconfiguration: Miss...

ASP.NET Misconfiguration: Not...

ASP.NET Misconfiguration: Pass...

ASP.NET Misconfiguration: Use...

Assigning instead of Comparing

Assignment of a Fixed Address...

Assignment to Variable without...

Asymmetric Resource Consumptio...

Attempt to Access Child of a N...

Authentication Bypass by Alter...

Authentication Bypass by Assum...

Authentication Bypass by Captu...

Authentication Bypass by Prima...

Authentication Bypass by Spoof...

Authentication Bypass Using an...

Authentication Bypass: OpenSSL...

Authorization Bypass Through U...

Automated Recognition Mechanis...

Behavioral Change in New Versi...

Buffer Access Using Size of So...

Buffer Access with Incorrect L...

Buffer Copy without Checking S...

Buffer Over-read

Buffer Under-read

Buffer Underwrite ('Buffer Und...

Call to Non-ubiquitous API

Call to Thread run() instead o...

Callable with Insufficient Beh...

Channel Accessible by Non-Endp...

Class Instance Self Destructio...

Class with Excessive Number of...

Class with Excessively Deep In...

Class with Virtual Method with...

Cleartext Storage in a File or...

Cleartext Storage in the Regis...

Cleartext Storage of Sensitive...

Cleartext Transmission of Sens...

Client-Side Enforcement of Ser...

clone() Method Without super.c...

Cloneable Class Containing Sen...

Collapse of Data into Unsafe V...

Command Shell in Externally Ac...

Comparing instead of Assigning

Comparison of Classes by Name

Comparison of Incompatible Typ...

Comparison of Object Reference...

Comparison Using Wrong Factors

Compilation with Insufficient...

Compiler Optimization Removal...

Compiler Removal of Code to Cl...

Concurrent Execution using Sha...

Context Switching Race Conditi...

Covert Channel

Covert Storage Channel

Covert Timing Channel

CPU Hardware Not Configured to...

Creation of chroot Jail Withou...

Creation of Class Instance wit...

Creation of Emergent Resource

Creation of Immutable Text Usi...

Creation of Temporary File in...

Creation of Temporary File Wit...

Critical Data Element Declared...

Critical Public Variable Witho...

Cross-Site Request Forgery (CS...

Dangerous Signal Handler not D...

Dangling Database Cursor ('Cur...

Data Access from Outside Expec...

Data Access Operations Outside...

Data Element Aggregating an Ex...

Data Element containing Pointe...

Data Resource Access without U...

Dead Code

Deadlock

Declaration of Catch for Gener...

Declaration of Throws for Gene...

Declaration of Variable with U...

Deletion of Data Structure Sen...

Deployment of Wrong Handler

DEPRECATED (Duplicate): Covert...

DEPRECATED (Duplicate): Failur...

DEPRECATED (Duplicate): Genera...

DEPRECATED (Duplicate): HTTP r...

DEPRECATED (Duplicate): Miscal...

DEPRECATED (Duplicate): Proxie...

DEPRECATED (Duplicate): Relian...

DEPRECATED (Duplicate): Trusti...

DEPRECATED: Apple '.DS_Store'

DEPRECATED: Authentication Byp...

DEPRECATED: Containment Errors...

DEPRECATED: Failure to Protect...

DEPRECATED: Improper Sanitizat...

DEPRECATED: Incorrect Initiali...

DEPRECATED: Incorrect Semantic...

DEPRECATED: Information Exposu...

DEPRECATED: Often Misused: Pat...

DEPRECATED: State Synchronizat...

DEPRECATED: Uncontrolled File...

DEPRECATED: Use of Dynamic Cla...

DEPRECATED: Use of Uninitializ...

Deserialization of Untrusted D...

Detection of Error Condition W...

Direct Request ('Forced Browsi...

Direct Use of Unsafe JNI

Divide By Zero

DMA Device Enabled Too Early i...

Double Decoding of the Same Da...

Double Free

Double-Checked Locking

Doubled Character XSS Manipula...

Download of Code Without Integ...

Duplicate Key in Associative L...

Duplicate Operations on Resour...

Dynamic Variable Evaluation

EJB Bad Practices: Use of AWT...

EJB Bad Practices: Use of Clas...

EJB Bad Practices: Use of Java...

EJB Bad Practices: Use of Sock...

EJB Bad Practices: Use of Sync...

Embedded Malicious Code

Empty Code Block

Empty Exception Block

Empty Password in Configuratio...

Empty Synchronized Block

Encoding Error

Excessive Attack Surface

Excessive Code Complexity

Excessive Data Query Operation...

Excessive Execution of Sequent...

Excessive Halstead Complexity

Excessive Index Range Scan for...

Excessive Iteration

Excessive McCabe Cyclomatic Co...

Excessive Number of Inefficien...

Excessive Platform Resource Co...

Excessive Reliance on Global V...

Excessive Use of Hard-Coded Li...

Excessive Use of Self-Modifyin...

Excessive Use of Unconditional...

Excessively Complex Data Repre...

Excessively Deep Nesting

Executable Regular Expression...

Execution After Redirect (EAR)

Execution with Unnecessary Pri...

Expected Behavior Violation

Expired Pointer Dereference

Explicit Call to Finalize()

Exposed Chip Debug Interface W...

Exposed Dangerous Method or Fu...

Exposed IOCTL with Insufficien...

Exposed Unsafe ActiveX Method

Exposure of Access Control Lis...

Exposure of Backup File to an...

Exposure of Core Dump File to...

Exposure of Data Element to Wr...

Exposure of File Descriptor to...

Exposure of Information Throug...

Exposure of Private Personal I...

Exposure of Resource to Wrong...

Exposure of Security-Sensitive...

Exposure of Sensitive Informat...

Exposure of Sensitive System I...

Exposure of Version-Control Re...

Exposure of WSDL File Containi...

Expression is Always False

Expression is Always True

External Control of Assumed-Im...

External Control of Critical S...

External Control of File Name...

External Control of System or...

External Influence of Sphere D...

External Initialization of Tru...

Externally Controlled Referenc...

Externally-Generated Error Mes...

Failure to Disable Reserved Bi...

Failure to Handle Incomplete E...

Failure to Handle Missing Para...

Failure to Sanitize Paired Del...

Failure to Sanitize Special El...

Files or Directories Accessibl...

finalize() Method Declared Pub...

finalize() Method Without supe...

Floating Point Comparison with...

Free of Memory not on the Heap

Free of Pointer not at Start o...

Function Call With Incorrect A...

Function Call With Incorrect N...

Function Call With Incorrect O...

Function Call With Incorrect V...

Function Call With Incorrectly...

Function Call with Incorrectly...

Generation of Error Message Co...

Generation of Predictable Numb...

Guessable CAPTCHA

Hardware Internal or Debug Mod...

Heap-based Buffer Overflow

Hidden Functionality

Improper Access Control

Improper Address Validation in...

Improper Adherence to Coding S...

Improper Authentication

Improper Authorization

Improper Authorization in Hand...

Improper Authorization of Inde...

Improper Authorization on Phys...

Improper Certificate Validatio...

Improper Check for Certificate...

Improper Check for Dropped Pri...

Improper Check for Unusual or...

Improper Check or Handling of...

Improper Cleanup on Thrown Exc...

Improper Clearing of Heap Memo...

Improper Control of a Resource...

Improper Control of Document T...

Improper Control of Dynamicall...

Improper Control of Filename f...

Improper Control of Generation...

Improper Control of Interactio...

Improper Control of Resource I...

Improper Encoding or Escaping...

Improper Enforcement of a Sing...

Improper Enforcement of Behavi...

Improper Enforcement of Messag...

Improper Export of Android App...

Improper Filtering of Special...

Improper Finite State Machines...

Improper Following of a Certif...

Improper Following of Specific...

Improper Handling of Additiona...

Improper Handling of Alternate...

Improper Handling of Apple HFS...

Improper Handling of Case Sens...

Improper Handling of Exception...

Improper Handling of Extra Par...

Improper Handling of Extra Val...

Improper Handling of File Name...

Improper Handling of Highly Co...

Improper Handling of Incomplet...

Improper Handling of Inconsist...

Improper Handling of Insuffici...

Improper Handling of Invalid U...

Improper Handling of Length Pa...

Improper Handling of Missing S...

Improper Handling of Missing V...

Improper Handling of Mixed Enc...

Improper Handling of Parameter...

Improper Handling of Structura...

Improper Handling of Syntactic...

Improper Handling of Undefined...

Improper Handling of Unexpecte...

Improper Handling of Unicode E...

Improper Handling of URL Encod...

Improper Handling of Values

Improper Handling of Windows :...

Improper Handling of Windows D...

Improper Hardware Lock Protect...

Improper Implementation of Loc...

Improper Initialization

Improper Input Validation

Improper Interaction Between M...

Improper Isolation of Shared R...

Improper Limitation of a Pathn...

Improper Link Resolution Befor...

Improper Lock Behavior After P...

Improper Locking

Improper Neutralization

Improper Neutralization of Alt...

Improper Neutralization of Arg...

Improper Neutralization of Com...

Improper Neutralization of CRL...

Improper Neutralization of Dat...

Improper Neutralization of Del...

Improper Neutralization of Dir...

Improper Neutralization of Enc...

Improper Neutralization of Equ...

Improper Neutralization of Esc...

Improper Neutralization of Exp...

Improper Neutralization of For...

Improper Neutralization of HTT...

Improper Neutralization of Inp...

Improper Neutralization of Int...

Improper Neutralization of Inv...

Improper Neutralization of Lea...

Improper Neutralization of Lin...

Improper Neutralization of Mac...

Improper Neutralization of Mul...

Improper Neutralization of Nul...

Improper Neutralization of Par...

Improper Neutralization of Quo...

Improper Neutralization of Rec...

Improper Neutralization of Scr...

Improper Neutralization of Sec...

Improper Neutralization of Ser...

Improper Neutralization of Spe...

Improper Neutralization of Sub...

Improper Neutralization of Tra...

Improper Neutralization of Val...

Improper Neutralization of Var...

Improper Neutralization of Whi...

Improper Neutralization of Wil...

Improper Null Termination

Improper Output Neutralization...

Improper Ownership Management

Improper Preservation of Consi...

Improper Preservation of Permi...

Improper Privilege Management

Improper Protection of Alterna...

Improper Removal of Sensitive...

Improper Resolution of Path Eq...

Improper Resource Locking

Improper Resource Shutdown or...

Improper Restriction of Commun...

Improper Restriction of Excess...

Improper Restriction of Names...

Improper Restriction of Operat...

Improper Restriction of Power...

Improper Restriction of Recurs...

Improper Restriction of Render...

Improper Restriction of Write-...

Improper Restriction of XML Ex...

Improper Synchronization

Improper Update of Reference C...

Improper Use of Validation Fra...

Improper Validation of Array I...

Improper Validation of Certifi...

Improper Validation of Functio...

Improper Validation of Integri...

Improper Verification of Crypt...

Improper Verification of Inten...

Improper Verification of Sourc...

Improper Write Handling in Lim...

Improper Zeroization of Hardwa...

Improperly Controlled Modifica...

Improperly Implemented Securit...

Inaccurate Comments

Inadequate Encryption Strength

Inappropriate Comment Style

Inappropriate Encoding for Out...

Inappropriate Source Code Styl...

Inappropriate Whitespace Style

Inclusion of Functionality fro...

Inclusion of Sensitive Informa...

Inclusion of Undocumented Feat...

Inclusion of Web Functionality...

Incomplete Blacklist to Cross-...

Incomplete Cleanup

Incomplete Comparison with Mis...

Incomplete Design Documentatio...

Incomplete Documentation

Incomplete Documentation of Pr...

Incomplete Filtering of Multip...

Incomplete Filtering of One or...

Incomplete Filtering of Specia...

Incomplete I/O Documentation

Incomplete Identification of U...

Incomplete Internal State Dist...

Incomplete List of Disallowed...

Incomplete Model of Endpoint F...

Inconsistency Between Implemen...

Inconsistent Interpretation of...

Inconsistent Naming Convention...

Incorrect Access of Indexable...

Incorrect Authorization

Incorrect Behavior Order

Incorrect Behavior Order: Auth...

Incorrect Behavior Order: Earl...

Incorrect Behavior Order: Vali...

Incorrect Block Delimitation

Incorrect Calculation

Incorrect Calculation of Buffe...

Incorrect Calculation of Multi...

Incorrect Check of Function Re...

Incorrect Comparison

Incorrect Control Flow Scoping

Incorrect Conversion between N...

Incorrect Default Permissions

Incorrect Execution-Assigned P...

Incorrect Implementation of Au...

Incorrect Ownership Assignment

Incorrect Permission Assignmen...

Incorrect Pointer Scaling

Incorrect Privilege Assignment

Incorrect Provision of Specifi...

Incorrect Register Defaults or...

Incorrect Regular Expression

Incorrect Resource Transfer Be...

Incorrect Short Circuit Evalua...

Incorrect Synchronization

Incorrect Type Conversion or C...

Incorrect Usage of Seeds in Ps...

Incorrect Use of Autoboxing an...

Incorrect Use of Privileged AP...

Incorrect User Management

Incorrectly Specified Destinat...

Inefficient Algorithmic Comple...

Inefficient CPU Computation

Information Loss or Omission

Initialization with Hard-Coded...

Insecure Automated Optimizatio...

Insecure Default Initializatio...

Insecure Default Variable Init...

Insecure Inherited Permissions

Insecure Preserved Inherited P...

Insecure Storage of Sensitive...

Insecure Temporary File

Insertion of Sensitive Informa...

Insufficient Adherence to Expe...

Insufficient Compartmentalizat...

Insufficient Control Flow Mana...

Insufficient Control of Networ...

Insufficient Documentation of...

Insufficient Encapsulation

Insufficient Encapsulation of...

Insufficient Entropy

Insufficient Entropy in PRNG

Insufficient Granularity of Ac...

Insufficient Granularity of Ad...

Insufficient Isolation of Symb...

Insufficient Isolation of Syst...

Insufficient Logging

Insufficient Psychological Acc...

Insufficient Resource Pool

Insufficient Session Expiratio...

Insufficient Type Distinction

Insufficient UI Warning of Dan...

Insufficient Use of Symbolic C...

Insufficient Verification of D...

Insufficient Visual Distinctio...

Insufficiently Protected Crede...

Integer Coercion Error

Integer Overflow or Wraparound

Integer Overflow to Buffer Ove...

Integer Underflow (Wrap or Wra...

Interpretation Conflict

Invocation of a Control Elemen...

Invocation of Process Using Vi...

Invokable Control Element in M...

Invokable Control Element with...

Irrelevant Code

J2EE Bad Practices: Direct Man...

J2EE Bad Practices: Direct Use...

J2EE Bad Practices: Non-serial...

J2EE Bad Practices: Use of Sys...

J2EE Framework: Saving Unseria...

J2EE Misconfiguration: Data Tr...

J2EE Misconfiguration: Entity...

J2EE Misconfiguration: Insuffi...

J2EE Misconfiguration: Missing...

J2EE Misconfiguration: Plainte...

J2EE Misconfiguration: Weak Ac...

Java Runtime Error Message Con...

Key Exchange without Entity Au...

Lack of Administrator Control...

Large Data Table with Excessiv...

Least Privilege Violation

Logging of Excessive Data

Logic/Time Bomb

Loop Condition Value Update wi...

Loop with Unreachable Exit Con...

Method Containing Access of a...

Mirrored Regions with Differen...

Misinterpretation of Input

Mismatched Memory Management R...

Missing Authentication for Cri...

Missing Authorization

Missing Check for Certificate...

Missing Critical Step in Authe...

Missing Custom Error Page

Missing Default Case in Switch...

Missing Documentation for Desi...

Missing Encryption of Sensitiv...

Missing Handler

Missing Initialization of a Va...

Missing Initialization of Reso...

Missing Lock Check

Missing Password Field Masking

Missing Protection Against Vol...

Missing Reference to Active Al...

Missing Reference to Active Fi...

Missing Release of File Descri...

Missing Release of Memory afte...

Missing Release of Resource af...

Missing Report of Error Condit...

Missing Required Cryptographic...

Missing Serialization Control...

Missing Standardized Error Han...

Missing Support for Integrity...

Missing Synchronization

Missing Validation of OpenSSL...

Missing XML Validation

Modification of Assumed-Immuta...

Modules with Circular Dependen...

Multiple Binds to the Same Por...

Multiple Inheritance from Conc...

Multiple Interpretations of UI...

Multiple Locks of a Critical R...

Multiple Unlocks of a Critical...

Non-exit on Failed Initializat...

Non-Replicating Malicious Code

Non-SQL Invokable Control Elem...

Not Failing Securely ('Failing...

Not Using a Random IV with CBC...

Not Using Complete Mediation

Not Using Password Aging

Null Byte Interaction Error (P...

NULL Pointer Dereference

Numeric Range Comparison Witho...

Numeric Truncation Error

Object Model Violation: Just O...

Obscured Security-relevant Inf...

Observable Behavioral Discrepa...

Observable Discrepancy

Observable Internal Behavioral...

Observable Response Discrepanc...

Observable Timing Discrepancy

Obsolete Feature in UI

Off-by-one Error

Omission of Security-relevant...

Omitted Break Statement in Swi...

Only Filtering One Instance of...

Only Filtering Special Element...

Operation on a Resource after...

Operation on Resource in Wrong...

Operator Precedence Logic Erro...

Origin Validation Error

Out-of-bounds Read

Out-of-bounds Write

Overly Permissive Cross-domain...

Overly Restrictive Account Loc...

Overly Restrictive Regular Exp...

Parent Class with a Virtual De...

Parent Class with References t...

Parent Class without Virtual D...

Partial String Comparison

Passing Mutable Objects to an...

Password Aging with Long Expir...

Password in Configuration File

Path Equivalence: ' filename'...

Path Equivalence: '/./' (Singl...

Path Equivalence: '//multiple/...

Path Equivalence: '/multiple//...

Path Equivalence: '/multiple/t...

Path Equivalence: '\multiple\\...

Path Equivalence: 'fakedir/../...

Path Equivalence: 'file name'...

Path Equivalence: 'file...name...

Path Equivalence: 'file.name'...

Path Equivalence: 'filedir*' (...

Path Equivalence: 'filedir\' (...

Path Equivalence: 'filename '...

Path Equivalence: 'filename......

Path Equivalence: 'filename.'...

Path Equivalence: 'filename/'...

Path Equivalence: Windows 8.3...

Path Traversal: '....' (Multip...

Path Traversal: '....//'

Path Traversal: '...' (Triple...

Path Traversal: '.../...//'

Path Traversal: '../filedir'

Path Traversal: '..\filedir'

Path Traversal: '/../filedir'

Path Traversal: '/absolute/pat...

Path Traversal: '/dir/../filen...

Path Traversal: '\..\filename'

Path Traversal: '\\UNC\share\n...

Path Traversal: '\absolute\pat...

Path Traversal: '\dir\..\filen...

Path Traversal: 'C:dirname'

Path Traversal: 'dir/../../fil...

Path Traversal: 'dir\..\..\fil...

Permission Race Condition Duri...

Permissive List of Allowed Inp...

Permissive Regular Expression

Persistent Storable Data Eleme...

PHP External Variable Modifica...

Placement of User into Incorre...

Power-On of Untrusted Executio...

Predictable Exact Value from P...

Predictable from Observable St...

Predictable Seed in Pseudo-Ran...

Predictable Value Range from P...

Premature Release of Resource...

Private Data Structure Returne...

Privilege Chaining

Privilege Context Switching Er...

Privilege Defined With Unsafe...

Privilege Dropping / Lowering...

Process Control

Processor Optimization Removal...

Product UI does not Warn User...

Protection Mechanism Failure

Public cloneable() Method With...

Public Data Assigned to Privat...

Public Static Field Not Marked...

Public Static Final Field Refe...

Race Condition During Access t...

Race Condition Enabling Link F...

Race Condition for Write-Once...

Race Condition in Switch

Race Condition within a Thread

Reachable Assertion

Reflection Attack in an Authen...

Regular Expression without Anc...

Relative Path Traversal

Release of Invalid Pointer or...

Reliance on a Single Factor in...

Reliance on Cookies without Va...

Reliance on Data/Memory Layout

Reliance on File Name or Exten...

Reliance on IP Address for Aut...

Reliance on Machine-Dependent...

Reliance on Obfuscation or Enc...

Reliance on Package-level Scop...

Reliance on Reverse DNS Resolu...

Reliance on Runtime Component...

Reliance on Security Through O...

Reliance on Undefined, Unspeci...

Reliance on Untrusted Inputs i...

Replicating Malicious Code (Vi...

Return Inside Finally Block

Return of Pointer Value Outsid...

Return of Stack Variable Addre...

Return of Wrong Status Code

Returning a Mutable Object to...

Reusing a Nonce, Key Pair in E...

Reversible One-Way Hash

Runtime Resource Management Co...

Same Seed in Pseudo-Random Num...

Selection of Less-Secure Algor...

Self-generated Error Message C...

Semiconductor Defects in Hardw...

Sensitive Cookie in HTTPS Sess...

Sensitive Cookie Without 'Http...

Sensitive Data Storage in Impr...

Sensitive Information Uncleare...

Serializable Class Containing...

Serializable Data Element Cont...

Server-generated Error Message...

Server-Side Request Forgery (S...

Servlet Runtime Error Message...

Session Fixation

Signal Handler Function Associ...

Signal Handler Race Condition

Signal Handler Use of a Non-re...

Signal Handler with Functional...

Signed to Unsigned Conversion...

Singleton Class Instance Creat...

Small Seed Space in PRNG

Small Space of Random Values

Source Code Element without St...

Source Code File with Excessiv...

Spyware

SQL Injection: Hibernate

Stack-based Buffer Overflow

Static Member Data Element out...

Storage of File With Sensitive...

Storage of File with Sensitive...

Storage of Sensitive Data in a...

Storing Passwords in a Recover...

Struts: Duplicate Validation F...

Struts: Form Bean Does Not Ext...

Struts: Form Field Without Val...

Struts: Incomplete validate()...

Struts: Non-private Field in A...

Struts: Plug-in Framework not...

Struts: Unused Validation Form

Struts: Unvalidated Action For...

Struts: Validator Turned Off

Struts: Validator Without Form...

Suspicious Comment

Symbolic Name not Mapping to C...

Synchronous Access of Remote R...

System-on-Chip (SoC) Using Com...

The UI Performs the Wrong Acti...

Time-of-check Time-of-use (TOC...

Transmission of Private Resour...

Trapdoor

Trojan Horse

Truncation of Security-relevan...

Trust Boundary Violation

Trust of System Event Data

Trusting HTTP Permission Metho...

UI Discrepancy for Security Fe...

Uncaught Exception

Uncaught Exception in Servlet

Unchecked Error Condition

Unchecked Input for Loop Condi...

Unchecked Return Value

Unchecked Return Value to NULL...

Unconditional Control Flow Tra...

Uncontrolled Memory Allocation

Uncontrolled Recursion

Uncontrolled Resource Consumpt...

Uncontrolled Search Path Eleme...

Undefined Behavior for Input t...

Unexpected Sign Extension

Unexpected Status Code or Retu...

Unimplemented or Unsupported F...

Unintended Proxy or Intermedia...

UNIX Hard Link

UNIX Symbolic Link (Symlink) F...

Unlock of a Resource that is n...

Unnecessary Complexity in Prot...

Unparsed Raw Web Content Deliv...

Unprotected Alternate Channel

Unprotected Primary Channel

Unprotected Storage of Credent...

Unprotected Transport of Crede...

Unprotected Windows Messaging...

Unquoted Search Path or Elemen...

Unrestricted Externally Access...

Unrestricted Upload of File wi...

Unsafe ActiveX Control Marked...

Unsigned to Signed Conversion...

Unsynchronized Access to Share...

Untrusted Pointer Dereference

Untrusted Search Path

Unverified Ownership

Unverified Password Change

URL Redirection to Untrusted S...

Use After Free

Use of a Broken or Risky Crypt...

Use of a Key Past its Expirati...

Use of a Non-reentrant Functio...

Use of a One-Way Hash with a P...

Use of a One-Way Hash without...

Use of a Risky Cryptographic P...

Use of Cache Containing Sensit...

Use of Client-Side Authenticat...

Use of Cryptographically Weak...

Use of Expired File Descriptor

Use of Externally-Controlled F...

Use of Externally-Controlled I...

Use of Function with Inconsist...

Use of GET Request Method With...

Use of getlogin() in Multithre...

Use of Hard-coded Credentials

Use of Hard-coded Cryptographi...

Use of Hard-coded Password

Use of Hard-coded, Security-re...

Use of Implicit Intent for Sen...

Use of Incorrect Byte Ordering

Use of Incorrect Operator

Use of Incorrectly-Resolved Na...

Use of Inherently Dangerous Fu...

Use of Inner Class Containing...

Use of Insufficiently Random V...

Use of Invariant Value in Dyna...

Use of Less Trusted Source

Use of Low-Level Functionality

Use of Multiple Resources with...

Use of Non-Canonical URL Paths...

Use of NullPointerException Ca...

Use of Object without Invoking...

Use of Obsolete Function

Use of Out-of-range Pointer Of...

Use of Password Hash Instead o...

Use of Password Hash With Insu...

Use of Password System for Pri...

Use of Path Manipulation Funct...

Use of Persistent Cookies Cont...

Use of Platform-Dependent Thir...

Use of Pointer Subtraction to...

Use of Potentially Dangerous F...

Use of Predictable Algorithm i...

Use of Prohibited Code

Use of Redundant Code

Use of RSA Algorithm without O...

Use of Same Invokable Control...

Use of Same Variable for Multi...

Use of Single-factor Authentic...

Use of Singleton Pattern Witho...

Use of sizeof() on a Pointer T...

Use of umask() with chmod-styl...

Use of Uninitialized Resource

Use of Uninitialized Variable

Use of Unmaintained Third Part...

Use of Web Browser Cache Conta...

Use of Web Link to Untrusted T...

Use of Wrong Operator in Strin...

User Interface (UI) Misreprese...

Using Referer Field for Authen...

Variable Extraction Error

Violation of Secure Design Pri...

Weak Encoding for Password

Weak Password Recovery Mechani...

Weak Password Requirements

Windows Hard Link

Windows Shortcut Following (.L...

Wrap-around Error

Write-what-where Condition

XML Injection (aka Blind XPath...

The ultimate knowledge base for exploits
presented simply and beautifully.

Ideal for penetration testers, cybersecurity researchers or those interested in the field.

Highlights

Latest published issues

CVE-2024-9997 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

CVE-2024-9996 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

CVE-2024-9489 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

Latest updated issues

CVE-2024-8883 - URL Redirection to Untrusted Site ('Open Redirect')

Severity - 68%

Complexity - 16%

Confidentiality - 86%

CVE-2024-44185

Severity - 55%

Complexity - 18%

Confidentiality - 60%

CVE-2024-47041 - Out-of-bounds Read

Severity - 78%

Complexity - 18%

Confidentiality - 98%

Updated daily

Text browser support (Coming soon)

Sharing and Snippets (Coming soon)

Straightforward API (Coming soon)

Daily and weekly digests (Coming soon)

Stay updated

Get in touch

The ultimate knowledge base for exploits presented simply and beautifully.

Ideal for penetration testers, cybersecurity researchers or those interested in the field.

Highlights

Latest published issues

CVE-2024-9997 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

CVE-2024-9996 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

CVE-2024-9489 - Out-of-bounds Write

Severity - 78%

Complexity - 18%

Confidentiality - 98%

Latest updated issues

CVE-2024-8883 - URL Redirection to Untrusted Site ('Open Redirect')

Severity - 68%

Complexity - 16%

Confidentiality - 86%

CVE-2024-44185

Severity - 55%

Complexity - 18%

Confidentiality - 60%

CVE-2024-47041 - Out-of-bounds Read

Severity - 78%

Complexity - 18%

Confidentiality - 98%

Updated daily

Text browser support (Coming soon)

Sharing and Snippets (Coming soon)

Straightforward API (Coming soon)

Daily and weekly digests (Coming soon)

Stay updated

Get in touch

The ultimate knowledge base for exploits
presented simply and beautifully.