CWE-74 | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-749 | The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
CWE-75 | The software does not adequately filter user-controlled input for special elements with control implications.
CWE-754 | The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
CWE-755 | The software does not handle or incorrectly handles an exceptional condition.
CWE-756 | The software does not return custom error pages to the user, possibly exposing sensitive information.
CWE-757 | A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
CWE-758 | The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
CWE-759 | The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
CWE-76 | The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.