C#

The table below lists the currently supported C# security checks.

Supported Rules

CWE-78: The dynamic value passed to the command execution should be validated.

CWE-89: SQL injection flaws are introduced when software developers create dynamic database queries that include user supplied input.

CWE-643: The dynamic value passed to the XPath query should be validated.

CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing.

CWE-22: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the expected directory.

CWE-79: Cross-Site Scripting (XSS)

CWE-90: The dynamic value passed to the LDAP query should be validated.

CWE-295: Certificate Validation has been disabled. The communication could be intercepted.

CWE-338: The random numbers generated could be predicted.

CWE-327: MD5 or SHA1 have known collision weaknesses and are no longer considered strong hashing algorithms.

CWE-1004: It is recommended to set the HttpOnly flag on new cookies.

CWE-259: The password configuration to this API appears to be hardcoded.

CWE-284: Controller method is potentially vulnerable to authorization bypass.

CWE-295: Certificate Validation has been disabled. The communication could be intercepted.

CWE-338: The random numbers generated could be predicted.

CWE-352: Anti-forgery token is missing.

CWE-502: Untrusted data passed for deserialization.

CWE-521: The Required Length property must be set with a minimum value of 8.

CWE-524: Caching conflicts with authorization.

CWE-554: The viewStateEncryptionMode is not set to Always in the configuration file.

CWE-601: The dynamic value passed to the Redirect should be validated.

CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing.

CWE-614: It is recommended to set the Secure flag on new cookies.

CWE-643: The dynamic value passed to the XPath query should be validated.