
Kotlin Mobile

This article covers Kotlin Mobile support and vulnerability detection for Mend SAST.

Mend SAST-supported Kotlin Mobile file types

| File Type |
|-----------|
| .kt |
| .ktm |
| .kts |

Mend SAST-supported Kotlin Mobile vulnerability types

The Kotlin Mobile vulnerability types detected by SAST are listed below, grouped by severity and ordered by CWE ID within each severity.

Kotlin Mobile high-severity vulnerability types

| CWE | Vulnerability Type |
|-----|--------------------|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-89 | External SQL Injection |
| CWE-94 | Code Injection |
| CWE-94 | Server Pages Execution |
| CWE-94 | Arbitrary Code Injection |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-918 | Server-Side Request Forgery |

Kotlin Mobile medium-severity vulnerability types

| CWE | Vulnerability Type |
|-----|--------------------|
| CWE-90 | LDAP Injection |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (location) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Data Storage) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Shared Preference) |
| CWE-209 | Log Messages Information Leak |
| CWE-209 | Error Messages Information Exposure |
| CWE-209 | Console Output |
| CWE-244 | Heap Inspection |
| CWE-295 | Man in the Middle Attack |
| CWE-338 | Weak Pseudo-Random |
| CWE-400 | Sleep Denial of Service |
| CWE-400 | Regex Denial of Service (ReDoS) |
| CWE-472 | Hidden HTML Input |
| CWE-501 | Trust Boundary Violation |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-676 | External URL |
| CWE-676 | Mobile Miscellaneous |
| CWE-749 | WebView Exposure |
| CWE-798 | Hardcoded Password/Credentials |
| CWE-926 | Improper Export of Android Application Components (Intents) |

Kotlin Mobile low-severity vulnerability types

| CWE | Vulnerability Type |
|-----|--------------------|
| CWE-16 | Security Misconfiguration |
| CWE-20 | Session Poisoning |
| CWE-20 | System Properties Change |
| CWE-20 | Mail Relay |
| CWE-20 | Cookie Injection |
| CWE-113 | HTTP Header Injection |
| CWE-113 | HTTP Response Splitting |
| CWE-117 | Log Forging |
| CWE-326 | Weak Encryption Strength |
| CWE-434 | File Upload |
| CWE-497 | System Properties Disclosure |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Weak Hash Strength |
| CWE-941 | Arbitrary Server Connection |
| CWE-1004 | Cookie Without 'HttpOnly' Flag |
