Bugcrowd’s Vulnerability Rating Taxonomy

Bugcrowd’s Vulnerability Rating Taxonomy (VRT) is a resource outlining Bugcrowd’s baseline technical severity rating for common vulnerabilities, including certain edge cases. Each entry is rated P1 (critical) through P5 (informational), or "Varies" where the rating depends on context and is set during triage. Have a suggestion to improve the VRT? Join the conversation on GitHub.

Vulnerability Rating Taxonomy

Version 1.15 (current) last updated on 11 Mar 2025
| Technical severity | VRT category | Specific vulnerability name | Variant / Affected function |
|---|---|---|---|
| P1 | AI Application Security | Large Language Model (LLM) Security | LLM Output Handling |
| P1 | AI Application Security | Large Language Model (LLM) Security | Prompt Injection |
| P1 | AI Application Security | Large Language Model (LLM) Security | Training Data Poisoning |
| P1 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Sensitive data Leakage/Exposure |
| P1 | Automotive Security Misconfiguration | RF Hub | Key Fob Cloning |
| P1 | Broken Access Control (BAC) | Insecure Direct Object References (IDOR) | Modify/View Sensitive Information (Iterable Object Identifiers) |
| P1 | Broken Authentication and Session Management | Authentication Bypass | |
| P1 | Decentralized Application Misconfiguration | Insecure Data Storage | Plaintext Private Key |
| P1 | Decentralized Application Misconfiguration | Marketplace Security | Orderbook Manipulation |
| P1 | Decentralized Application Misconfiguration | Marketplace Security | Signer Account Takeover |
| P1 | Decentralized Application Misconfiguration | Marketplace Security | Unauthorized Asset Transfer |
| P1 | Decentralized Application Misconfiguration | Protocol Security Misconfiguration | Node-level Denial of Service |
| P1 | Insecure OS/Firmware | Command Injection | |
| P1 | Insecure OS/Firmware | Hardcoded Password | Privileged User |
| P1 | Sensitive Data Exposure | Disclosure of Secrets | For Publicly Accessible Asset |
| P1 | Server Security Misconfiguration | Using Default Credentials | |
| P1 | Server-Side Injection | File Inclusion | Local |
| P1 | Server-Side Injection | Remote Code Execution (RCE) | |
| P1 | Server-Side Injection | SQL Injection | |
| P1 | Server-Side Injection | XML External Entity Injection (XXE) | |
| P1 | Smart Contract Misconfiguration | Reentrancy Attack | |
| P1 | Smart Contract Misconfiguration | Smart Contract Owner Takeover | |
| P1 | Smart Contract Misconfiguration | Unauthorized Transfer of Funds | |
| P1 | Smart Contract Misconfiguration | Uninitialized Variables | |
| P1 | Zero Knowledge Security Misconfiguration | Deanonymization of Data | |
| P1 | Zero Knowledge Security Misconfiguration | Improper Proof Validation and Finalization Logic | |
| P2 | AI Application Security | Large Language Model (LLM) Security | Excessive Agency/Permission Manipulation |
| P2 | Application-Level Denial-of-Service (DoS) | Critical Impact and/or Easy Difficulty | |
| P2 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Code Execution (CAN Bus Pivot) |
| P2 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | OTA Firmware Manipulation |
| P2 | Automotive Security Misconfiguration | RF Hub | CAN Injection / Interaction |
| P2 | Broken Access Control (BAC) | Insecure Direct Object References (IDOR) | Modify Sensitive Information (Iterable Object Identifiers) |
| P2 | Cross-Site Request Forgery (CSRF) | Application-Wide | |
| P2 | Cross-Site Scripting (XSS) | Stored | Non-Privileged User to Anyone |
| P2 | Cryptographic Weakness | Key Reuse | Inter-Environment |
| P2 | Decentralized Application Misconfiguration | Marketplace Security | Malicious Order Offer |
| P2 | Decentralized Application Misconfiguration | Marketplace Security | Price or Fee Manipulation |
| P2 | Insecure OS/Firmware | Hardcoded Password | Non-Privileged User |
| P2 | Insecure OS/Firmware | Local Administrator on default environment | |
| P2 | Insecure OS/Firmware | Over-Permissioned Credentials on Storage | |
| P2 | Physical Security Issues | Weakness in physical access control | Commonly Keyed System |
| P2 | Protocol Specific Misconfiguration | Frontrunning-Enabled Attack | |
| P2 | Protocol Specific Misconfiguration | Sandwich-Enabled Attack | |
| P2 | Sensitive Data Exposure | Weak Password Reset Implementation | Token Leakage via Host Header Poisoning |
| P2 | Server Security Misconfiguration | OAuth Misconfiguration | Account Takeover |
| P2 | Server Security Misconfiguration | Server-Side Request Forgery (SSRF) | Internal High Impact |
| P2 | Smart Contract Misconfiguration | Integer Overflow / Underflow | |
| P2 | Smart Contract Misconfiguration | Unauthorized Smart Contract Approval | |
| P3 | Application-Level Denial-of-Service (DoS) | High Impact and/or Medium Difficulty | |
| P3 | Automotive Security Misconfiguration | Automatic Braking System (ABS) | Unintended Acceleration / Brake |
| P3 | Automotive Security Misconfiguration | Battery Management System | Firmware Dump |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Basic Safety Message) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Battery Management System) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Headlights) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Powertrain) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Pyrotechnical Device Deployment Tool) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Sensors) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Steering Control) |
| P3 | Automotive Security Misconfiguration | CAN | Injection (Vehicle Anti-theft Systems) |
| P3 | Automotive Security Misconfiguration | Immobilizer | Engine Start |
| P3 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Code Execution (No CAN Bus Pivot) |
| P3 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Unauthorized Access to Services (API / Endpoints) |
| P3 | Automotive Security Misconfiguration | RF Hub | Data Leakage / Pull Encryption Mechanism |
| P3 | Broken Access Control (BAC) | Insecure Direct Object References (IDOR) | View Sensitive Information (Iterable Object Identifiers) |
| P3 | Broken Authentication and Session Management | Session Fixation | Remote Attack Vector |
| P3 | Broken Authentication and Session Management | Second Factor Authentication (2FA) Bypass | |
| P3 | Client-Side Injection | Binary Planting | Default Folder Privilege Escalation |
| P3 | Cross-Site Scripting (XSS) | Reflected | Non-Self |
| P3 | Cross-Site Scripting (XSS) | Stored | Privileged User to Privilege Elevation |
| P3 | Cross-Site Scripting (XSS) | Stored | CSRF/URL-Based |
| P3 | Cryptographic Weakness | Broken Cryptography | Use of Broken Cryptographic Primitive |
| P3 | Cryptographic Weakness | Insecure Key Generation | Insufficient Key Space |
| P3 | Decentralized Application Misconfiguration | Marketplace Security | OFAC Bypass |
| P3 | Insecure OS/Firmware | Shared Credentials on Storage | |
| P3 | Insecure OS/Firmware | Weakness in Firmware Updates | Firmware does not validate update integrity |
| P3 | Sensitive Data Exposure | Disclosure of Secrets | For Internal Asset |
| P3 | Sensitive Data Exposure | EXIF Geolocation Data Not Stripped From Uploaded Images | Automatic User Enumeration |
| P3 | Server Security Misconfiguration | Mail Server Misconfiguration | No Spoofing Protection on Email Domain |
| P3 | Server Security Misconfiguration | Misconfigured DNS | Subdomain Takeover |
| P3 | Server Security Misconfiguration | Server-Side Request Forgery (SSRF) | Internal Scan and/or Medium Impact |
| P3 | Server-Side Injection | Content Spoofing | iframe Injection |
| P3 | Server-Side Injection | HTTP Response Manipulation | Response Splitting (CRLF) |
| P3 | Smart Contract Misconfiguration | Function-level Denial of Service | |
| P3 | Smart Contract Misconfiguration | Improper Fee Implementation | |
| P3 | Smart Contract Misconfiguration | Irreversible Function Call | |
| P3 | Smart Contract Misconfiguration | Malicious Superuser Risk | |
| P4 | Automotive Security Misconfiguration | Battery Management System | Fraudulent Interface |
| P4 | Automotive Security Misconfiguration | CAN | Injection (Disallowed Messages) |
| P4 | Automotive Security Misconfiguration | CAN | Injection (DoS) |
| P4 | Automotive Security Misconfiguration | GNSS / GPS | Spoofing |
| P4 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Default Credentials |
| P4 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Denial of Service (DoS / Brick) |
| P4 | Automotive Security Misconfiguration | Infotainment, Radio Head Unit | Source Code Dump |
| P4 | Automotive Security Misconfiguration | RF Hub | Unauthorized Access / Turn On |
| P4 | Automotive Security Misconfiguration | Roadside Unit (RSU) | Sybil Attack |
| P4 | Broken Access Control (BAC) | Insecure Direct Object References (IDOR) | Modify/View Sensitive Information (Complex Object Identifiers GUID/UUID) |
| P4 | Broken Access Control (BAC) | Username/Email Enumeration | Non-Brute Force |
| P4 | Broken Authentication and Session Management | Cleartext Transmission of Session Token | |
| P4 | Broken Authentication and Session Management | Failure to Invalidate Session | On Logout (Client and Server-Side) |
| P4 | Broken Authentication and Session Management | Failure to Invalidate Session | On Password Reset and/or Change |
| P4 | Broken Authentication and Session Management | Weak Login Function | Other Plaintext Protocol with no Secure Alternative |
| P4 | Broken Authentication and Session Management | Weak Login Function | Over HTTP |
| P4 | Broken Authentication and Session Management | Weak Registration Implementation | Over HTTP |
| P4 | Cross-Site Scripting (XSS) | Off-Domain | Data URI |
| P4 | Cross-Site Scripting (XSS) | Referer | |
| P4 | Cross-Site Scripting (XSS) | Stored | Privileged User to No Privilege Elevation |
| P4 | Cross-Site Scripting (XSS) | Universal (UXSS) | |
| P4 | Cryptographic Weakness | Broken Cryptography | Use of Vulnerable Cryptographic Library |
| P4 | Cryptographic Weakness | Insecure Key Generation | Key Exchange Without Entity Authentication |
| P4 | Cryptographic Weakness | Insufficient Entropy | Limited Random Number Generator (RNG) Entropy Source |
| P4 | Cryptographic Weakness | Insufficient Entropy | Predictable Initialization Vector (IV) |
| P4 | Cryptographic Weakness | Insufficient Entropy | Predictable Pseudo-Random Number Generator (PRNG) Seed |
| P4 | Cryptographic Weakness | Insufficient Entropy | Small Seed Space in Pseudo-Random Number Generator (PRNG) |
| P4 | Cryptographic Weakness | Insufficient Verification of Data Authenticity | Integrity Check Value (ICV) |
| P4 | Cryptographic Weakness | Key Reuse | Lack of Perfect Forward Secrecy |
| P4 | Cryptographic Weakness | Side-Channel Attack | Padding Oracle Attack |
| P4 | Cryptographic Weakness | Side-Channel Attack | Timing Attack |
| P4 | Cryptographic Weakness | Use of Expired Cryptographic Key (or Certificate) | |
| P4 | Insecure Data Storage | Sensitive Application Data Stored Unencrypted | On External Storage |
| P4 | Insecure Data Storage | Server-Side Credentials Storage | Plaintext |
| P4 | Insecure Data Transport | Executable Download | No Secure Integrity Check |
| P4 | Insufficient Security Configurability | No Password Policy | |
| P4 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After Use |
| P4 | Insufficient Security Configurability | Weak 2FA Implementation | 2FA Secret Cannot be Rotated |
| P4 | Insufficient Security Configurability | Weak 2FA Implementation | 2FA Secret Remains Obtainable After 2FA is Enabled |
| P4 | Privacy Concerns | Unnecessary Data Collection | WiFi SSID+Password |
| P4 | Sensitive Data Exposure | Disclosure of Secrets | Pay-Per-Use Abuse |
| P4 | Sensitive Data Exposure | EXIF Geolocation Data Not Stripped From Uploaded Images | Manual User Enumeration |
| P4 | Sensitive Data Exposure | Sensitive Token in URL | User Facing |
| P4 | Sensitive Data Exposure | Token Leakage via Referer | Over HTTP |
| P4 | Sensitive Data Exposure | Token Leakage via Referer | Untrusted 3rd Party |
| P4 | Sensitive Data Exposure | Via localStorage/sessionStorage | Sensitive Token |
| P4 | Sensitive Data Exposure | Visible Detailed Error/Debug Page | Detailed Server Configuration |
| P4 | Sensitive Data Exposure | Weak Password Reset Implementation | Password Reset Token Sent Over HTTP |
| P4 | Server Security Misconfiguration | CAPTCHA | Implementation Vulnerability |
| P4 | Server Security Misconfiguration | Clickjacking | Sensitive Click-Based Action |
| P4 | Server Security Misconfiguration | Database Management System (DBMS) Misconfiguration | Excessively Privileged User / DBA |
| P4 | Server Security Misconfiguration | Lack of Password Confirmation | Delete Account |
| P4 | Server Security Misconfiguration | Lack of Security Headers | Cache-Control for a Sensitive Page |
| P4 | Server Security Misconfiguration | Mail Server Misconfiguration | Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain |
| P4 | Server Security Misconfiguration | Misconfigured DNS | Zone Transfer |
| P4 | Server Security Misconfiguration | Missing Secure or HTTPOnly Cookie Flag | Session Token |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Email-Triggering |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Login |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Registration |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | SMS-Triggering |
| P4 | Server Security Misconfiguration | OAuth Misconfiguration | Account Squatting |
| P4 | Server Security Misconfiguration | Web Application Firewall (WAF) Bypass | Direct Server Access |
| P4 | Server-Side Injection | Content Spoofing | Email HTML Injection |
| P4 | Server-Side Injection | Content Spoofing | External Authentication Injection |
| P4 | Server-Side Injection | Content Spoofing | Impersonation via Broken Link Hijacking |
| P4 | Server-Side Injection | Server-Side Template Injection (SSTI) | Basic |
| P4 | Smart Contract Misconfiguration | Improper Decimals Implementation | |
| P4 | Smart Contract Misconfiguration | Improper Use of Modifier | |
| P4 | Unvalidated Redirects and Forwards | Open Redirect | GET-Based |
| P5 | Application-Level Denial-of-Service (DoS) | App Crash | Malformed Android Intents |
| P5 | Application-Level Denial-of-Service (DoS) | App Crash | Malformed iOS URL Schemes |
| P5 | Automotive Security Misconfiguration | RF Hub | Relay |
| P5 | Automotive Security Misconfiguration | RF Hub | Replay |
| P5 | Automotive Security Misconfiguration | RF Hub | Roll Jam |
| P5 | Broken Access Control (BAC) | Insecure Direct Object References (IDOR) | View Non-Sensitive Information |
| P5 | Broken Authentication and Session Management | Concurrent Logins | |
| P5 | Broken Authentication and Session Management | Failure to Invalidate Session | Concurrent Sessions On Logout |
| P5 | Broken Authentication and Session Management | Failure to Invalidate Session | Long Timeout |
| P5 | Broken Authentication and Session Management | Failure to Invalidate Session | On Email Change |
| P5 | Broken Authentication and Session Management | Failure to Invalidate Session | On Logout (Server-Side Only) |
| P5 | Broken Authentication and Session Management | Failure to Invalidate Session | On 2FA Activation/Change |
| P5 | Broken Authentication and Session Management | SAML Replay | |
| P5 | Broken Authentication and Session Management | Session Fixation | Local Attack Vector |
| P5 | Broken Authentication and Session Management | Weak Login Function | Not Operational or Intended Public Access |
| P5 | Client-Side Injection | Binary Planting | No Privilege Escalation |
| P5 | Client-Side Injection | Binary Planting | Non-Default Folder Privilege Escalation |
| P5 | Cross-Site Request Forgery (CSRF) | Action-Specific | Logout |
| P5 | Cross-Site Request Forgery (CSRF) | CSRF Token Not Unique Per Request | |
| P5 | Cross-Site Request Forgery (CSRF) | Flash-Based | |
| P5 | Cross-Site Scripting (XSS) | Cookie-Based | |
| P5 | Cross-Site Scripting (XSS) | Flash-Based | |
| P5 | Cross-Site Scripting (XSS) | IE-Only | |
| P5 | Cross-Site Scripting (XSS) | Reflected | Self |
| P5 | Cross-Site Scripting (XSS) | Stored | Self |
| P5 | Cross-Site Scripting (XSS) | TRACE Method | |
| P5 | Cryptographic Weakness | Incomplete Cleanup of Keying Material | |
| P5 | Cryptographic Weakness | Insufficient Entropy | Initialization Vector (IV) Reuse |
| P5 | Cryptographic Weakness | Insufficient Entropy | Pseudo-Random Number Generator (PRNG) Seed Reuse |
| P5 | Cryptographic Weakness | Insufficient Entropy | Use of True Random Number Generator (TRNG) for Non-Security Purpose |
| P5 | Cryptographic Weakness | Key Reuse | Intra-Environment |
| P5 | Cryptographic Weakness | Side-Channel Attack | Emanations Attack |
| P5 | Cryptographic Weakness | Side-Channel Attack | Power Analysis Attack |
| P5 | Cryptographic Weakness | Weak Hash | Use of Predictable Salt |
| P5 | External Behavior | Browser Feature | Aggressive Offline Caching |
| P5 | External Behavior | Browser Feature | Autocomplete Enabled |
| P5 | External Behavior | Browser Feature | Autocorrect Enabled |
| P5 | External Behavior | Browser Feature | Plaintext Password Field |
| P5 | External Behavior | Browser Feature | Save Password |
| P5 | External Behavior | Captcha Bypass | Crowdsourcing |
| P5 | External Behavior | CSV Injection | |
| P5 | External Behavior | System Clipboard Leak | Shared Links |
| P5 | External Behavior | User Password Persisted in Memory | |
| P5 | Insecure Data Storage | Non-Sensitive Application Data Stored Unencrypted | |
| P5 | Insecure Data Storage | Screen Caching Enabled | |
| P5 | Insecure Data Storage | Sensitive Application Data Stored Unencrypted | On Internal Storage |
| P5 | Insecure Data Transport | Executable Download | Secure Integrity Check |
| P5 | Insecure OS/Firmware | Data not encrypted at rest | Non sensitive |
| P5 | Insecure OS/Firmware | Weakness in Firmware Updates | Firmware is not encrypted |
| P5 | Insufficient Security Configurability | Lack of Notification Email | |
| P5 | Insufficient Security Configurability | Password Policy Bypass | |
| P5 | Insufficient Security Configurability | Verification of Contact Method not Required | |
| P5 | Insufficient Security Configurability | Weak Password Policy | |
| P5 | Insufficient Security Configurability | Weak Password Reset Implementation | Token Has Long Timed Expiry |
| P5 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After Email Change |
| P5 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After Login |
| P5 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After New Token is Requested |
| P5 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After Password Change |
| P5 | Insufficient Security Configurability | Weak Registration Implementation | Allows Disposable Email Addresses |
| P5 | Insufficient Security Configurability | Weak 2FA Implementation | Missing Failsafe |
| P5 | Insufficient Security Configurability | Weak 2FA Implementation | Old 2FA Code is Not Invalidated After New Code is Generated |
| P5 | Insufficient Security Configurability | Weak 2FA Implementation | 2FA Code is Not Updated After New Code is Requested |
| P5 | Lack of Binary Hardening | Lack of Exploit Mitigations | |
| P5 | Lack of Binary Hardening | Lack of Jailbreak Detection | |
| P5 | Lack of Binary Hardening | Lack of Obfuscation | |
| P5 | Lack of Binary Hardening | Runtime Instrumentation-Based | |
| P5 | Mobile Security Misconfiguration | Auto Backup Allowed by Default | |
| P5 | Mobile Security Misconfiguration | Clipboard Enabled | |
| P5 | Mobile Security Misconfiguration | SSL Certificate Pinning | Absent |
| P5 | Mobile Security Misconfiguration | SSL Certificate Pinning | Defeatable |
| P5 | Mobile Security Misconfiguration | Tapjacking | |
| P5 | Network Security Misconfiguration | Telnet Enabled | |
| P5 | Sensitive Data Exposure | Disclosure of Known Public Information | |
| P5 | Sensitive Data Exposure | Disclosure of Secrets | Data/Traffic Spam |
| P5 | Sensitive Data Exposure | Disclosure of Secrets | Intentionally Public, Sample or Invalid |
| P5 | Sensitive Data Exposure | Disclosure of Secrets | Non-Corporate User |
| P5 | Sensitive Data Exposure | Internal IP Disclosure | |
| P5 | Sensitive Data Exposure | JSON Hijacking | |
| P5 | Sensitive Data Exposure | Mixed Content (HTTPS Sourcing HTTP) | |
| P5 | Sensitive Data Exposure | Non-Sensitive Token in URL | |
| P5 | Sensitive Data Exposure | Sensitive Data Hardcoded | File Paths |
| P5 | Sensitive Data Exposure | Sensitive Data Hardcoded | OAuth Secret |
| P5 | Sensitive Data Exposure | Sensitive Token in URL | In the Background |
| P5 | Sensitive Data Exposure | Sensitive Token in URL | On Password Reset |
| P5 | Sensitive Data Exposure | Token Leakage via Referer | Password Reset Token |
| P5 | Sensitive Data Exposure | Token Leakage via Referer | Trusted 3rd Party |
| P5 | Sensitive Data Exposure | Via localStorage/sessionStorage | Non-Sensitive Token |
| P5 | Sensitive Data Exposure | Visible Detailed Error/Debug Page | Descriptive Stack Trace |
| P5 | Sensitive Data Exposure | Visible Detailed Error/Debug Page | Full Path Disclosure |
| P5 | Server Security Misconfiguration | Bitsquatting | |
| P5 | Server Security Misconfiguration | CAPTCHA | Brute Force |
| P5 | Server Security Misconfiguration | CAPTCHA | Missing |
| P5 | Server Security Misconfiguration | Clickjacking | Form Input |
| P5 | Server Security Misconfiguration | Clickjacking | Non-Sensitive Action |
| P5 | Server Security Misconfiguration | Cookie Scoped to Parent Domain | |
| P5 | Server Security Misconfiguration | Directory Listing Enabled | Non-Sensitive Data Exposure |
| P5 | Server Security Misconfiguration | Email Verification Bypass | |
| P5 | Server Security Misconfiguration | Exposed Admin Portal | To Internet |
| P5 | Server Security Misconfiguration | Fingerprinting/Banner Disclosure | |
| P5 | Server Security Misconfiguration | Insecure SSL | Certificate Error |
| P5 | Server Security Misconfiguration | Insecure SSL | Insecure Cipher Suite |
| P5 | Server Security Misconfiguration | Insecure SSL | Lack of Forward Secrecy |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Change Email Address |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Change Password |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Manage 2FA |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Cache-Control for a Non-Sensitive Page |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Content-Security-Policy |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Content-Security-Policy-Report-Only |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Public-Key-Pins |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Strict-Transport-Security |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Content-Security-Policy |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Content-Type-Options |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Frame-Options |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Webkit-CSP |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-XSS-Protection |
| P5 | Server Security Misconfiguration | Mail Server Misconfiguration | Email Spoofing on Non-Email Domain |
| P5 | Server Security Misconfiguration | Mail Server Misconfiguration | Email Spoofing to Spam Folder |
| P5 | Server Security Misconfiguration | Mail Server Misconfiguration | Missing or Misconfigured SPF and/or DKIM |
| P5 | Server Security Misconfiguration | Misconfigured DNS | Missing Certification Authority Authorization (CAA) Record |
| P5 | Server Security Misconfiguration | Missing DNSSEC | |
| P5 | Server Security Misconfiguration | Missing Secure or HTTPOnly Cookie Flag | Non-Session Cookie |
| P5 | Server Security Misconfiguration | Missing Subresource Integrity | |
| P5 | Server Security Misconfiguration | No Rate Limiting on Form | Change Password |
| P5 | Server Security Misconfiguration | Potentially Unsafe HTTP Method Enabled | OPTIONS |
| P5 | Server Security Misconfiguration | Potentially Unsafe HTTP Method Enabled | TRACE |
| P5 | Server Security Misconfiguration | Reflected File Download (RFD) | |
| P5 | Server Security Misconfiguration | Same-Site Scripting | |
| P5 | Server Security Misconfiguration | Server-Side Request Forgery (SSRF) | External - DNS Query Only |
| P5 | Server Security Misconfiguration | Server-Side Request Forgery (SSRF) | External - Low impact |
| P5 | Server Security Misconfiguration | Unsafe File Upload | File Extension Filter Bypass |
| P5 | Server Security Misconfiguration | Unsafe File Upload | No Antivirus |
| P5 | Server Security Misconfiguration | Unsafe File Upload | No Size Limit |
| P5 | Server Security Misconfiguration | Username/Email Enumeration | Brute Force |
| P5 | Server-Side Injection | Content Spoofing | Email Hyperlink Injection Based on Email Provider |
| P5 | Server-Side Injection | Content Spoofing | Flash Based External Authentication Injection |
| P5 | Server-Side Injection | Content Spoofing | Homograph/IDN-Based |
| P5 | Server-Side Injection | Content Spoofing | HTML Content Injection |
| P5 | Server-Side Injection | Content Spoofing | Right-to-Left Override (RTLO) |
| P5 | Server-Side Injection | Content Spoofing | Text Injection |
| P5 | Server-Side Injection | Parameter Pollution | Social Media Sharing Buttons |
| P5 | Unvalidated Redirects and Forwards | Lack of Security Speed Bump Page | |
| P5 | Unvalidated Redirects and Forwards | Open Redirect | Flash-Based |
| P5 | Unvalidated Redirects and Forwards | Open Redirect | Header-Based |
| P5 | Unvalidated Redirects and Forwards | Open Redirect | POST-Based |
| P5 | Unvalidated Redirects and Forwards | Tabnabbing | |
| P5 | Using Components with Known Vulnerabilities | Captcha Bypass | OCR (Optical Character Recognition) |
| P5 | Using Components with Known Vulnerabilities | Outdated Software Version | |
| P5 | Using Components with Known Vulnerabilities | Rosetta Flash | |
| Varies | Algorithmic Biases | Aggregation Bias | |
| Varies | Algorithmic Biases | Processing Bias | |
| Varies | Application-Level Denial-of-Service (DoS) | Excessive Resource Consumption | Injection (Prompt) |
| Varies | Blockchain Infrastructure Misconfiguration | Improper Bridge Validation and Verification Logic | |
| Varies | Broken Access Control (BAC) | Exposed Sensitive Android Intent | |
| Varies | Broken Access Control (BAC) | Exposed Sensitive iOS URL Scheme | |
| Varies | Broken Access Control (BAC) | Privilege Escalation | |
| Varies | Broken Authentication and Session Management | Failure to Invalidate Session | On Permission Change |
| Varies | Cross-Site Request Forgery (CSRF) | Action-Specific | Authenticated Action |
| Varies | Cross-Site Request Forgery (CSRF) | Action-Specific | Unauthenticated Action |
| Varies | Cryptographic Weakness | Insecure Implementation | Improper Following of Specification (Other) |
| Varies | Cryptographic Weakness | Insecure Implementation | Missing Cryptographic Step |
| Varies | Cryptographic Weakness | Insecure Key Generation | Improper Asymmetric Exponent Selection |
| Varies | Cryptographic Weakness | Insecure Key Generation | Improper Asymmetric Prime Selection |
| Varies | Cryptographic Weakness | Insecure Key Generation | Insufficient Key Stretching |
| Varies | Cryptographic Weakness | Insufficient Verification of Data Authenticity | Cryptographic Signature |
| Varies | Cryptographic Weakness | Side-Channel Attack | Differential Fault Analysis |
| Varies | Cryptographic Weakness | Weak Hash | Lack of Salt |
| Varies | Cryptographic Weakness | Weak Hash | Predictable Hash Collision |
| Varies | Data Biases | Pre-existing Bias | |
| Varies | Data Biases | Representation Bias | |
| Varies | Decentralized Application Misconfiguration | DeFi Security | Flash Loan Attack |
| Varies | Decentralized Application Misconfiguration | DeFi Security | Function-Level Accounting Error |
| Varies | Decentralized Application Misconfiguration | DeFi Security | Improper Implementation of Governance |
| Varies | Decentralized Application Misconfiguration | DeFi Security | Pricing Oracle Manipulation |
| Varies | Decentralized Application Misconfiguration | Improper Authorization | Insufficient Signature Validation |
| Varies | Decentralized Application Misconfiguration | Insecure Data Storage | Sensitive Information Exposure |
| Varies | Decentralized Application Misconfiguration | Marketplace Security | Denial of Service |
| Varies | Decentralized Application Misconfiguration | Marketplace Security | Improper Validation and Checks For Deposits and Withdrawals |
| Varies | Decentralized Application Misconfiguration | Marketplace Security | Miscalculated Accounting Logic |
| Varies | Developer Biases | Implicit Bias | |
| Varies | Indicators of Compromise | | |
| Varies | Insecure Data Transport | Cleartext Transmission of Sensitive Data | |
| Varies | Insecure OS/Firmware | Data not encrypted at rest | Sensitive |
| Varies | Insecure OS/Firmware | Failure to Remove Sensitive Artifacts from Disk | |
| Varies | Insecure OS/Firmware | Kiosk Escape or Breakout | |
| Varies | Insecure OS/Firmware | Poorly Configured Disk Encryption | |
| Varies | Insecure OS/Firmware | Poorly Configured Operating System Security | |
| Varies | Insecure OS/Firmware | Recovery of Disk Contains Sensitive Material | |
| Varies | Insecure OS/Firmware | Weakness in Firmware Updates | Firmware cannot be updated |
| Varies | Misinterpretation Biases | Context Ignorance | |
| Varies | Physical Security Issues | Bypass of physical access control | |
| Varies | Physical Security Issues | Weakness in physical access control | Cloneable Key |
| Varies | Physical Security Issues | Weakness in physical access control | Master Key Identification |
| Varies | Protocol Specific Misconfiguration | Improper Validation and Finalization Logic | |
| Varies | Protocol Specific Misconfiguration | Misconfigured Staking Logic | |
| Varies | Sensitive Data Exposure | Disclosure of Secrets | PII Leakage/Exposure |
| Varies | Sensitive Data Exposure | Cross Site Script Inclusion (XSSI) | |
| Varies | Server Security Misconfiguration | Cache Poisoning | |
| Varies | Server Security Misconfiguration | Cache Deception | |
| Varies | Server Security Misconfiguration | Directory Listing Enabled | Sensitive Data Exposure |
| Varies | Server Security Misconfiguration | OAuth Misconfiguration | Insecure Redirect URI |
| Varies | Server Security Misconfiguration | OAuth Misconfiguration | Missing/Broken State Parameter |
| Varies | Server Security Misconfiguration | Path Traversal | |
| Varies | Server Security Misconfiguration | Race Condition | |
| Varies | Server Security Misconfiguration | HTTP Request Smuggling | |
| Varies | Server Security Misconfiguration | Software Package Takeover | |
| Varies | Server Security Misconfiguration | SSL Attack (BREACH, POODLE etc.) | |
| Varies | Server Security Misconfiguration | Unsafe Cross-Origin Resource Sharing | |
| Varies | Server-Side Injection | LDAP Injection | |
| Varies | Server-Side Injection | Server-Side Template Injection (SSTI) | Custom |
| Varies | Smart Contract Misconfiguration | Bypass of Function Modifiers and Checks | |
| Varies | Smart Contract Misconfiguration | Inaccurate Rounding Calculation | |
| Varies | Societal Biases | Confirmation Bias | |
| Varies | Societal Biases | Systemic Bias | |
| Varies | Zero Knowledge Security Misconfiguration | Misconfigured Trusted Setup | |
| Varies | Zero Knowledge Security Misconfiguration | Mismatching Bit Lengths | |
| Varies | Zero Knowledge Security Misconfiguration | Missing Constraint | |
| Varies | Zero Knowledge Security Misconfiguration | Missing Range Check | |