Vulnerabilities related to software applications that can be exploited.
A type of vulnerability where attackers inject malicious code into the memory of an application.
Example: Exploiting a memory injection vulnerability to execute arbitrary code in an application's memory space.
A vulnerability that occurs when a program writes data beyond the boundaries of an allocated buffer.
Example: Triggering a buffer overflow to overwrite a program's memory and gain unauthorized access.
Vulnerabilities that result from the timing or sequencing of events in a program or system.
A race condition where the checking of a condition and the execution of an action are separated in time.
Example: Exploiting a time-of-check race condition to gain unauthorized access during a time window.
A race condition where an attacker alters data or conditions after the check but before the use.
Example: Manipulating data during the brief time between its check and use in a program.
A vulnerability where attackers can introduce malicious updates or changes to software.
Example: Inserting a malicious code update into a software package to compromise systems.
Vulnerabilities associated with the operating system that attackers can target.
Example: Exploiting an OS-based vulnerability to gain unauthorized access to a system.
Vulnerabilities that affect web applications and services, making them susceptible to exploitation.
A vulnerability that allows attackers to execute malicious SQL queries on a web application's database.
Example: Exploiting SQL injection to retrieve sensitive data from a vulnerable website's database.
A vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users.
Example: Executing a script on a website that affects other users and steals their information.
Vulnerabilities associated with hardware components and devices.
Vulnerabilities related to the software embedded in hardware devices.
Example: Exploiting a firmware vulnerability in a router to gain control over the device.
Vulnerabilities that arise when hardware devices reach the end of their supported lifespan.
Example: Targeting a network appliance that is no longer receiving security updates.
Vulnerabilities associated with outdated or legacy hardware components.
Example: Exploiting security weaknesses in older hardware that lacks modern security features.
Vulnerabilities related to virtualization technologies and environments.
A vulnerability that allows an attacker to break out of a virtual machine and access the host system.
Example: Exploiting a VM escape vulnerability to gain unauthorized access to the host server.
Vulnerabilities that involve the improper reuse of virtualized resources.
Example: Unauthorized access to shared virtualized resources, leading to resource exhaustion.
Vulnerabilities unique to cloud computing environments.
Example: Exploiting a security weakness in a cloud service configuration.
Vulnerabilities related to insecure application programming interfaces (APIs) used in cloud services.
Example: Exploiting an insecure API to gain unauthorized access to cloud resources.
Vulnerabilities that lead to the unauthorized exposure or leakage of sensitive data in the cloud.
Example: Accessing confidential data due to misconfigured cloud storage settings.
Vulnerabilities related to misconfigured identity and access management controls in cloud environments.
Example: Unauthorized access due to weak authentication settings in cloud IAM.
Vulnerabilities specific to certain cloud service providers and their configurations.
Example: Exploiting a vulnerability unique to a particular cloud provider's platform.
Vulnerabilities associated with the supply chain, including service providers, hardware providers, and software providers.
Vulnerabilities related to third-party service providers and their offerings.
Example: Exploiting a vulnerability in a cloud service offered by a third-party provider.
Vulnerabilities related to hardware components supplied by third-party vendors.
Example: Exploiting a vulnerability in network hardware provided by an external vendor.
Vulnerabilities related to software and applications supplied by external software providers.
Example: Exploiting a vulnerability in a third-party software application used by an organization.
Vulnerabilities related to cryptographic techniques and implementations.
Example: Exploiting a cryptographic flaw in an encryption algorithm to decrypt sensitive data.
Vulnerabilities resulting from improper system or application configurations.
Example: Gaining unauthorized access to a system due to misconfigured access controls.
Vulnerabilities specific to mobile devices and platforms.
A vulnerability that allows the installation of apps from unofficial or untrusted sources.
Example: Exploiting sideloading vulnerabilities to install malicious apps on a mobile device.
A vulnerability that allows users to remove software restrictions on mobile devices.
Example: Jailbreaking an iOS device to bypass Apple's security controls.
Vulnerabilities that are unknown to the vendor and have no official patch.
Example: Exploiting a zero-day vulnerability to gain unauthorized access to a system.