Tag: top25-cwes

Path traversal

Creating file paths from untrusted input might give a malicious actor access to sensitive files.

Cross-site scripting

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.

Server-side request forgery

Server-side request forgery (SSRF) is a vulnerability that allows an attacker to manipulate a web application to make unintended requests from the server.

Cross-site request forgery

Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.

Hardcoded credentials

Hardcoded credentials can be intercepted by malicious actors.

OS Command Injection

Unintended system commands could be executed through user input.

SQL injection

Use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.