CWE-702: Weaknesses Introduced During Implementation
ID: CWE-702
Type: Implicit
Status: Incomplete
Number of CVEs: 1
This view (slice) lists weaknesses that can be introduced during implementation.
Relationships
Type | ID | Name | Abstraction | Structure | Status | |
---|---|---|---|---|---|---|
Weakness | CWE-1004 | Sensitive Cookie Without 'HttpOnly' Flag | Variant | Simple | Incomplete | |
Weakness | CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Base | Simple | Incomplete | |
Weakness | CWE-102 | Struts: Duplicate Validation Forms | Variant | Simple | Incomplete | |
Weakness | CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | Base | Simple | Incomplete | |
Weakness | CWE-1022 | Use of Web Link to Untrusted Target with window.opener Access | Variant | Simple | Incomplete | |
Weakness | CWE-1023 | Incomplete Comparison with Missing Factors | Class | Simple | Incomplete | |
Weakness | CWE-1024 | Comparison of Incompatible Types | Base | Simple | Incomplete | |
Weakness | CWE-1025 | Comparison Using Wrong Factors | Base | Simple | Incomplete | |
Weakness | CWE-103 | Struts: Incomplete validate() Method Definition | Variant | Simple | Draft | |
Weakness | CWE-104 | Struts: Form Bean Does Not Extend Validation Class | Variant | Simple | Draft | |
Weakness | CWE-105 | Struts: Form Field Without Validator | Variant | Simple | Draft | |
Weakness | CWE-106 | Struts: Plug-in Framework not in Use | Variant | Simple | Draft | |
Weakness | CWE-1068 | Inconsistency Between Implementation and Documented Design | Base | Simple | Incomplete | |
Weakness | CWE-107 | Struts: Unused Validation Form | Variant | Simple | Draft | |
Weakness | CWE-108 | Struts: Unvalidated Action Form | Variant | Simple | Incomplete | |
Weakness | CWE-109 | Struts: Validator Turned Off | Variant | Simple | Draft | |
Weakness | CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Variant | Simple | Draft | |
Weakness | CWE-110 | Struts: Validator Without Form Field | Variant | Simple | Draft | |
Weakness | CWE-111 | Direct Use of Unsafe JNI | Variant | Simple | Draft | |
Weakness | CWE-112 | Missing XML Validation | Base | Simple | Draft | |
Weakness | CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | Variant | Simple | Incomplete | |
Weakness | CWE-114 | Process Control | Class | Simple | Incomplete | |
Weakness | CWE-115 | Misinterpretation of Input | Base | Simple | Incomplete | |
Weakness | CWE-116 | Improper Encoding or Escaping of Output | Class | Simple | Draft | |
Weakness | CWE-117 | Improper Output Neutralization for Logs | Base | Simple | Draft | |
Weakness | CWE-1173 | Improper Use of Validation Framework | Base | Simple | Draft | |
Weakness | CWE-1174 | ASP.NET Misconfiguration: Improper Model Validation | Variant | Simple | Draft | |
Weakness | CWE-1176 | Inefficient CPU Computation | Class | Simple | Incomplete | |
Weakness | CWE-1177 | Use of Prohibited Code | Class | Simple | Incomplete | |
Weakness | CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | Class | Simple | Incomplete | |
Weakness | CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Base | Simple | Stable | |
Weakness | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Class | Simple | Stable | |
Weakness | CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control | Base | Simple | Stable | |
Weakness | CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | Base | Simple | Draft | |
Weakness | CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | Variant | Simple | Draft | |
Weakness | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Base | Simple | Incomplete | |
Weakness | CWE-1204 | Generation of Weak Initialization Vector (IV) | Base | Simple | Incomplete | |
Weakness | CWE-1209 | Failure to Disable Reserved Bits | Base | Simple | Incomplete | |
Weakness | CWE-121 | Stack-based Buffer Overflow | Variant | Simple | Draft | |
Weakness | CWE-122 | Heap-based Buffer Overflow | Variant | Simple | Draft | |
Weakness | CWE-1220 | Insufficient Granularity of Access Control | Base | Simple | Incomplete | |
Weakness | CWE-1221 | Incorrect Register Defaults or Module Parameters | Base | Simple | Incomplete | |
Weakness | CWE-1224 | Improper Restriction of Write-Once Bit Fields | Base | Simple | Incomplete | |
Weakness | CWE-123 | Write-what-where Condition | Base | Simple | Draft | |
Weakness | CWE-1231 | Improper Prevention of Lock Bit Modification | Base | Simple | Stable | |
Weakness | CWE-1232 | Improper Lock Behavior After Power State Transition | Base | Simple | Incomplete | |
Weakness | CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Base | Simple | Stable | |
Weakness | CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | Base | Simple | Incomplete | |
Weakness | CWE-1235 | Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations | Base | Simple | Incomplete | |
Weakness | CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | Base | Simple | Incomplete | |
Weakness | CWE-1239 | Improper Zeroization of Hardware Register | Variant | Simple | Draft | |
Weakness | CWE-124 | Buffer Underwrite ('Buffer Underflow') | Base | Simple | Incomplete | |
Weakness | CWE-1240 | Use of a Cryptographic Primitive with a Risky Implementation | Base | Simple | Draft | |
Weakness | CWE-1241 | Use of Predictable Algorithm in Random Number Generator | Base | Simple | Draft | |
Weakness | CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | Base | Simple | Incomplete | |
Weakness | CWE-1243 | Sensitive Non-Volatile Information Not Protected During Debug | Base | Simple | Incomplete | |
Weakness | CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State | Base | Simple | Stable | |
Weakness | CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | Base | Simple | Incomplete | |
Weakness | CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | Base | Simple | Incomplete | |
Weakness | CWE-1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System | Base | Simple | Incomplete | |
Weakness | CWE-125 | Out-of-bounds Read | Base | Simple | Draft | |
Weakness | CWE-1253 | Incorrect Selection of Fuse Values | Base | Simple | Draft | |
Weakness | CWE-1254 | Incorrect Comparison Logic Granularity | Base | Simple | Draft | |
Weakness | CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | Variant | Simple | Draft | |
Weakness | CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features | Base | Simple | Stable | |
Weakness | CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Base | Simple | Incomplete | |
Weakness | CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | Base | Simple | Draft | |
Weakness | CWE-1259 | Improper Restriction of Security Token Assignment | Base | Simple | Incomplete | |
Weakness | CWE-126 | Buffer Over-read | Variant | Simple | Draft | |
Weakness | CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | Base | Simple | Stable | |
Weakness | CWE-1261 | Improper Handling of Single Event Upsets | Base | Simple | Draft | |
Weakness | CWE-1262 | Improper Access Control for Register Interface | Base | Simple | Stable | |
Weakness | CWE-1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | Base | Simple | Incomplete | |
Weakness | CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | Base | Simple | Incomplete | |
Weakness | CWE-1267 | Policy Uses Obsolete Encoding | Base | Simple | Draft | |
Weakness | CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | Base | Simple | Draft | |
Weakness | CWE-1269 | Product Released in Non-Release Configuration | Base | Simple | Incomplete | |
Weakness | CWE-127 | Buffer Under-read | Variant | Simple | Draft | |
Weakness | CWE-1270 | Generation of Incorrect Security Tokens | Base | Simple | Incomplete | |
Weakness | CWE-1271 | Uninitialized Value on Reset for Registers Holding Security Settings | Base | Simple | Incomplete | |
Weakness | CWE-1275 | Sensitive Cookie with Improper SameSite Attribute | Variant | Simple | Incomplete | |
Weakness | CWE-1276 | Hardware Child Block Incorrectly Connected to Parent System | Base | Simple | Incomplete | |
Weakness | CWE-1277 | Firmware Not Updateable | Base | Simple | Draft | |
Weakness | CWE-1279 | Cryptographic Operations are run Before Supporting Units are Ready | Base | Simple | Incomplete | |
Weakness | CWE-128 | Wrap-around Error | Base | Simple | Incomplete | |
Weakness | CWE-1280 | Access Control Check Implemented After Asset is Accessed | Base | Simple | Incomplete | |
Weakness | CWE-1281 | Sequence of Processor Instructions Leads to Unexpected Behavior | Base | Simple | Incomplete | |
Weakness | CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | Base | Simple | Incomplete | |
Weakness | CWE-1283 | Mutable Attestation or Measurement Reporting Data | Base | Simple | Incomplete | |
Weakness | CWE-1284 | Improper Validation of Specified Quantity in Input | Base | Simple | Incomplete | |
Weakness | CWE-1285 | Improper Validation of Specified Index, Position, or Offset in Input | Base | Simple | Incomplete | |
Weakness | CWE-1286 | Improper Validation of Syntactic Correctness of Input | Base | Simple | Incomplete | |
Weakness | CWE-1287 | Improper Validation of Specified Type of Input | Base | Simple | Incomplete | |
Weakness | CWE-1288 | Improper Validation of Consistency within Input | Base | Simple | Incomplete | |
Weakness | CWE-1289 | Improper Validation of Unsafe Equivalence in Input | Base | Simple | Incomplete | |
Weakness | CWE-129 | Improper Validation of Array Index | Variant | Simple | Draft | |
Weakness | CWE-1290 | Incorrect Decoding of Security Identifiers | Base | Simple | Incomplete | |
Weakness | CWE-1291 | Public Key Re-Use for Signing both Debug and Production Code | Base | Simple | Draft | |
Weakness | CWE-1292 | Incorrect Conversion of Security Identifiers | Base | Simple | Draft | |
Weakness | CWE-1293 | Missing Source Correlation of Multiple Independent Data | Base | Simple | Draft | |
Weakness | CWE-1294 | Insecure Security Identifier Mechanism | Class | Simple | Incomplete | |
Weakness | CWE-1295 | Debug Messages Revealing Unnecessary Information | Base | Simple | Incomplete | |
Weakness | CWE-1296 | Incorrect Chaining or Granularity of Debug Components | Base | Simple | Incomplete | |
Weakness | CWE-1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors | Base | Simple | Incomplete | |
Weakness | CWE-1298 | Hardware Logic Contains Race Conditions | Base | Simple | Draft | |
Weakness | CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | Base | Simple | Draft | |
Weakness | CWE-13 | ASP.NET Misconfiguration: Password in Configuration File | Variant | Simple | Draft | |
Weakness | CWE-130 | Improper Handling of Length Parameter Inconsistency | Base | Simple | Incomplete | |
Weakness | CWE-1300 | Improper Protection of Physical Side Channels | Base | Simple | Stable | |
Weakness | CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | Base | Simple | Incomplete | |
Weakness | CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | Base | Simple | Incomplete | |
Weakness | CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Base | Simple | Draft | |
Weakness | CWE-131 | Incorrect Calculation of Buffer Size | Base | Simple | Draft | |
Weakness | CWE-1310 | Missing Ability to Patch ROM Code | Base | Simple | Draft | |
Weakness | CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | Base | Simple | Draft | |
Weakness | CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Base | Simple | Draft | |
Weakness | CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | Base | Simple | Draft | |
Weakness | CWE-1314 | Missing Write Protection for Parametric Data Values | Base | Simple | Draft | |
Weakness | CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | Base | Simple | Incomplete | |
Weakness | CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Base | Simple | Draft | |
Weakness | CWE-1317 | Improper Access Control in Fabric Bridge | Base | Simple | Draft | |
Weakness | CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | Base | Simple | Incomplete | |
Weakness | CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | Base | Simple | Incomplete | |
Weakness | CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | Base | Simple | Draft | |
Weakness | CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | Variant | Simple | Incomplete | |
Weakness | CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context | Base | Simple | Incomplete | |
Weakness | CWE-1323 | Improper Management of Sensitive Trace Data | Base | Simple | Draft | |
Weakness | CWE-1325 | Improperly Controlled Sequential Memory Allocation | Base | Simple | Incomplete | |
Weakness | CWE-1326 | Missing Immutable Root of Trust in Hardware | Base | Simple | Draft | |
Weakness | CWE-1328 | Security Version Number Mutable to Older Versions | Base | Simple | Draft | |
Weakness | CWE-1329 | Reliance on Component That is Not Updateable | Base | Simple | Incomplete | |
Weakness | CWE-1330 | Remanent Data Readable after Memory Erase | Variant | Simple | Draft | |
Weakness | CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Base | Simple | Stable | |
Weakness | CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | Base | Simple | Stable | |
Weakness | CWE-1333 | Inefficient Regular Expression Complexity | Base | Simple | Draft | |
Weakness | CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | Base | Simple | Draft | |
Weakness | CWE-1335 | Incorrect Bitwise Shift of Integer | Base | Simple | Draft | |
Weakness | CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | Base | Simple | Incomplete | |
Weakness | CWE-1338 | Improper Protections Against Hardware Overheating | Base | Simple | Draft | |
Weakness | CWE-1339 | Insufficient Precision or Accuracy of a Real Number | Base | Simple | Draft | |
Weakness | CWE-134 | Use of Externally-Controlled Format String | Base | Simple | Draft | |
Weakness | CWE-1341 | Multiple Releases of Same Resource or Handle | Base | Simple | Incomplete | |
Weakness | CWE-135 | Incorrect Calculation of Multi-Byte String Length | Base | Simple | Draft | |
Weakness | CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | Base | Simple | Incomplete | |
Weakness | CWE-138 | Improper Neutralization of Special Elements | Class | Simple | Draft | |
Weakness | CWE-1385 | Missing Origin Validation in WebSockets | Variant | Simple | Incomplete | |
Weakness | CWE-1386 | Insecure Operation on Windows Junction / Mount Point | Base | Simple | Incomplete | |
Weakness | CWE-1389 | Incorrect Parsing of Numbers with Different Radices | Base | Simple | Incomplete | |
Weakness | CWE-1390 | Weak Authentication | Class | Simple | Incomplete | |
Weakness | CWE-1395 | Dependency on Vulnerable Third-Party Component | Class | Simple | Incomplete | |
Weakness | CWE-14 | Compiler Removal of Code to Clear Buffers | Variant | Simple | Draft | |
Weakness | CWE-140 | Improper Neutralization of Delimiters | Base | Simple | Draft | |
Weakness | CWE-141 | Improper Neutralization of Parameter/Argument Delimiters | Variant | Simple | Draft | |
Weakness | CWE-1419 | Incorrect Initialization of Resource | Class | Simple | Incomplete | |
Weakness | CWE-142 | Improper Neutralization of Value Delimiters | Variant | Simple | Draft | |
Weakness | CWE-1420 | Exposure of Sensitive Information during Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Base | Simple | Incomplete | |
Weakness | CWE-1426 | Improper Validation of Generative AI Output | Base | Simple | Incomplete | |
Weakness | CWE-143 | Improper Neutralization of Record Delimiters | Variant | Simple | Draft | |
Weakness | CWE-144 | Improper Neutralization of Line Delimiters | Variant | Simple | Draft | |
Weakness | CWE-145 | Improper Neutralization of Section Delimiters | Variant | Simple | Incomplete | |
Weakness | CWE-146 | Improper Neutralization of Expression/Command Delimiters | Variant | Simple | Incomplete | |
Weakness | CWE-147 | Improper Neutralization of Input Terminators | Variant | Simple | Draft | |
Weakness | CWE-148 | Improper Neutralization of Input Leaders | Variant | Simple | Draft | |
Weakness | CWE-149 | Improper Neutralization of Quoting Syntax | Variant | Simple | Draft | |
Weakness | CWE-15 | External Control of System or Configuration Setting | Base | Simple | Incomplete | |
Weakness | CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences | Variant | Simple | Incomplete | |
Weakness | CWE-151 | Improper Neutralization of Comment Delimiters | Variant | Simple | Draft | |
Weakness | CWE-152 | Improper Neutralization of Macro Symbols | Variant | Simple | Draft | |
Weakness | CWE-153 | Improper Neutralization of Substitution Characters | Variant | Simple | Draft | |
Weakness | CWE-154 | Improper Neutralization of Variable Name Delimiters | Variant | Simple | Incomplete | |
Weakness | CWE-155 | Improper Neutralization of Wildcards or Matching Symbols | Variant | Simple | Draft | |
Weakness | CWE-156 | Improper Neutralization of Whitespace | Variant | Simple | Draft | |
Weakness | CWE-157 | Failure to Sanitize Paired Delimiters | Variant | Simple | Draft | |
Weakness | CWE-158 | Improper Neutralization of Null Byte or NUL Character | Variant | Simple | Incomplete | |
Weakness | CWE-159 | Improper Handling of Invalid Use of Special Elements | Class | Simple | Draft | |
Weakness | CWE-160 | Improper Neutralization of Leading Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-161 | Improper Neutralization of Multiple Leading Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-162 | Improper Neutralization of Trailing Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-163 | Improper Neutralization of Multiple Trailing Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-164 | Improper Neutralization of Internal Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-165 | Improper Neutralization of Multiple Internal Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-166 | Improper Handling of Missing Special Element | Base | Simple | Draft | |
Weakness | CWE-167 | Improper Handling of Additional Special Element | Base | Simple | Draft | |
Weakness | CWE-168 | Improper Handling of Inconsistent Special Elements | Base | Simple | Draft | |
Weakness | CWE-170 | Improper Null Termination | Base | Simple | Incomplete | |
Weakness | CWE-172 | Encoding Error | Class | Simple | Draft | |
Weakness | CWE-173 | Improper Handling of Alternate Encoding | Variant | Simple | Draft | |
Weakness | CWE-174 | Double Decoding of the Same Data | Variant | Simple | Draft | |
Weakness | CWE-175 | Improper Handling of Mixed Encoding | Variant | Simple | Draft | |
Weakness | CWE-176 | Improper Handling of Unicode Encoding | Variant | Simple | Draft | |
Weakness | CWE-177 | Improper Handling of URL Encoding (Hex Encoding) | Variant | Simple | Draft | |
Weakness | CWE-178 | Improper Handling of Case Sensitivity | Base | Simple | Incomplete | |
Weakness | CWE-179 | Incorrect Behavior Order: Early Validation | Base | Simple | Incomplete | |
Weakness | CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | Variant | Simple | Draft | |
Weakness | CWE-181 | Incorrect Behavior Order: Validate Before Filter | Variant | Simple | Draft | |
Weakness | CWE-182 | Collapse of Data into Unsafe Value | Base | Simple | Draft | |
Weakness | CWE-183 | Permissive List of Allowed Inputs | Base | Simple | Draft | |
Weakness | CWE-184 | Incomplete List of Disallowed Inputs | Base | Simple | Draft | |
Weakness | CWE-185 | Incorrect Regular Expression | Class | Simple | Draft | |
Weakness | CWE-186 | Overly Restrictive Regular Expression | Base | Simple | Draft | |
Weakness | CWE-187 | Partial String Comparison | Variant | Simple | Incomplete | |
Weakness | CWE-188 | Reliance on Data/Memory Layout | Base | Simple | Draft | |
Weakness | CWE-190 | Integer Overflow or Wraparound | Base | Simple | Stable | |
Weakness | CWE-191 | Integer Underflow (Wrap or Wraparound) | Base | Simple | Draft | |
Weakness | CWE-192 | Integer Coercion Error | Variant | Simple | Incomplete | |
Weakness | CWE-193 | Off-by-one Error | Base | Simple | Draft | |
Weakness | CWE-194 | Unexpected Sign Extension | Variant | Simple | Incomplete | |
Weakness | CWE-195 | Signed to Unsigned Conversion Error | Variant | Simple | Draft | |
Weakness | CWE-196 | Unsigned to Signed Conversion Error | Variant | Simple | Draft | |
Weakness | CWE-197 | Numeric Truncation Error | Base | Simple | Incomplete | |
Weakness | CWE-198 | Use of Incorrect Byte Ordering | Variant | Simple | Draft | |
Weakness | CWE-20 | Improper Input Validation | Class | Simple | Stable | |
Weakness | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft | |
Weakness | CWE-201 | Insertion of Sensitive Information Into Sent Data | Base | Simple | Draft | |
Weakness | CWE-202 | Exposure of Sensitive Information Through Data Queries | Base | Simple | Draft | |
Weakness | CWE-203 | Observable Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-204 | Observable Response Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-205 | Observable Behavioral Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-206 | Observable Internal Behavioral Discrepancy | Variant | Simple | Incomplete | |
Weakness | CWE-207 | Observable Behavioral Discrepancy With Equivalent Products | Variant | Simple | Draft | |
Weakness | CWE-208 | Observable Timing Discrepancy | Base | Simple | Incomplete | |
Weakness | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-210 | Self-generated Error Message Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-211 | Externally-Generated Error Message Containing Sensitive Information | Base | Simple | Incomplete | |
Weakness | CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | Base | Simple | Incomplete | |
Weakness | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Base | Simple | Draft | |
Weakness | CWE-214 | Invocation of Process Using Visible Sensitive Information | Base | Simple | Incomplete | |
Weakness | CWE-215 | Insertion of Sensitive Information Into Debugging Code | Base | Simple | Draft | |
Weakness | CWE-219 | Storage of File with Sensitive Data Under Web Root | Variant | Simple | Draft | |
Weakness | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Base | Simple | Stable | |
Weakness | CWE-221 | Information Loss or Omission | Class | Simple | Incomplete | |
Weakness | CWE-222 | Truncation of Security-relevant Information | Base | Simple | Draft | |
Weakness | CWE-223 | Omission of Security-relevant Information | Base | Simple | Draft | |
Weakness | CWE-224 | Obscured Security-relevant Information by Alternate Name | Base | Simple | Incomplete | |
Weakness | CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | Base | Simple | Draft | |
Weakness | CWE-228 | Improper Handling of Syntactically Invalid Structure | Class | Simple | Incomplete | |
Weakness | CWE-229 | Improper Handling of Values | Base | Simple | Incomplete | |
Weakness | CWE-23 | Relative Path Traversal | Base | Simple | Draft | |
Weakness | CWE-230 | Improper Handling of Missing Values | Variant | Simple | Draft | |
Weakness | CWE-231 | Improper Handling of Extra Values | Variant | Simple | Draft | |
Weakness | CWE-232 | Improper Handling of Undefined Values | Variant | Simple | Draft | |
Weakness | CWE-233 | Improper Handling of Parameters | Base | Simple | Incomplete | |
Weakness | CWE-234 | Failure to Handle Missing Parameter | Variant | Simple | Incomplete | |
Weakness | CWE-235 | Improper Handling of Extra Parameters | Variant | Simple | Draft | |
Weakness | CWE-236 | Improper Handling of Undefined Parameters | Variant | Simple | Draft | |
Weakness | CWE-238 | Improper Handling of Incomplete Structural Elements | Variant | Simple | Draft | |
Weakness | CWE-239 | Failure to Handle Incomplete Element | Variant | Simple | Draft | |
Weakness | CWE-24 | Path Traversal: '../filedir' | Variant | Simple | Incomplete | |
Weakness | CWE-240 | Improper Handling of Inconsistent Structural Elements | Base | Simple | Draft | |
Weakness | CWE-241 | Improper Handling of Unexpected Data Type | Base | Simple | Draft | |
Weakness | CWE-242 | Use of Inherently Dangerous Function | Base | Simple | Draft | |
Weakness | CWE-243 | Creation of chroot Jail Without Changing Working Directory | Variant | Simple | Draft | |
Weakness | CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Variant | Simple | Draft | |
Weakness | CWE-245 | J2EE Bad Practices: Direct Management of Connections | Variant | Simple | Draft | |
Weakness | CWE-246 | J2EE Bad Practices: Direct Use of Sockets | Variant | Simple | Draft | |
Weakness | CWE-248 | Uncaught Exception | Base | Simple | Draft | |
Weakness | CWE-25 | Path Traversal: '/../filedir' | Variant | Simple | Incomplete | |
Weakness | CWE-250 | Execution with Unnecessary Privileges | Base | Simple | Draft | |
Weakness | CWE-252 | Unchecked Return Value | Base | Simple | Draft | |
Weakness | CWE-253 | Incorrect Check of Function Return Value | Base | Simple | Incomplete | |
Weakness | CWE-258 | Empty Password in Configuration File | Variant | Simple | Incomplete | |
Weakness | CWE-259 | Use of Hard-coded Password | Variant | Simple | Draft | |
Weakness | CWE-26 | Path Traversal: '/dir/../filename' | Variant | Simple | Draft | |
Weakness | CWE-260 | Password in Configuration File | Base | Simple | Incomplete | |
Weakness | CWE-266 | Incorrect Privilege Assignment | Base | Simple | Draft | |
Weakness | CWE-267 | Privilege Defined With Unsafe Actions | Base | Simple | Incomplete | |
Weakness | CWE-268 | Privilege Chaining | Base | Simple | Draft | |
Weakness | CWE-269 | Improper Privilege Management | Class | Simple | Draft | |
Weakness | CWE-27 | Path Traversal: 'dir/../../filename' | Variant | Simple | Draft | |
Weakness | CWE-270 | Privilege Context Switching Error | Base | Simple | Draft | |
Weakness | CWE-271 | Privilege Dropping / Lowering Errors | Class | Simple | Incomplete | |
Weakness | CWE-272 | Least Privilege Violation | Base | Simple | Incomplete | |
Weakness | CWE-273 | Improper Check for Dropped Privileges | Base | Simple | Incomplete | |
Weakness | CWE-274 | Improper Handling of Insufficient Privileges | Base | Simple | Draft | |
Weakness | CWE-276 | Incorrect Default Permissions | Base | Simple | Draft | |
Weakness | CWE-277 | Insecure Inherited Permissions | Variant | Simple | Draft | |
Weakness | CWE-279 | Incorrect Execution-Assigned Permissions | Variant | Simple | Draft | |
Weakness | CWE-28 | Path Traversal: '..\filedir' | Variant | Simple | Incomplete | |
Weakness | CWE-280 | Improper Handling of Insufficient Permissions or Privileges | Base | Simple | Draft | |
Weakness | CWE-281 | Improper Preservation of Permissions | Base | Simple | Draft | |
Weakness | CWE-284 | Improper Access Control | Pillar | Simple | Incomplete | |
Weakness | CWE-285 | Improper Authorization | Class | Simple | Draft | |
Weakness | CWE-286 | Incorrect User Management | Class | Simple | Incomplete | |
Weakness | CWE-287 | Improper Authentication | Class | Simple | Draft | |
Weakness | CWE-289 | Authentication Bypass by Alternate Name | Base | Simple | Incomplete | |
Weakness | CWE-29 | Path Traversal: '\..\filename' | Variant | Simple | Incomplete | |
Weakness | CWE-290 | Authentication Bypass by Spoofing | Base | Simple | Incomplete | |
Weakness | CWE-295 | Improper Certificate Validation | Base | Simple | Draft | |
Weakness | CWE-296 | Improper Following of a Certificate's Chain of Trust | Base | Simple | Draft | |
Weakness | CWE-297 | Improper Validation of Certificate with Host Mismatch | Variant | Simple | Incomplete | |
Weakness | CWE-298 | Improper Validation of Certificate Expiration | Variant | Simple | Draft | |
Weakness | CWE-299 | Improper Check for Certificate Revocation | Base | Simple | Draft | |
Weakness | CWE-30 | Path Traversal: '\dir\..\filename' | Variant | Simple | Draft | |
Weakness | CWE-302 | Authentication Bypass by Assumed-Immutable Data | Base | Simple | Incomplete | |
Weakness | CWE-303 | Incorrect Implementation of Authentication Algorithm | Base | Simple | Draft | |
Weakness | CWE-304 | Missing Critical Step in Authentication | Base | Simple | Draft | |
Weakness | CWE-305 | Authentication Bypass by Primary Weakness | Base | Simple | Draft | |
Weakness | CWE-31 | Path Traversal: 'dir\..\..\filename' | Variant | Simple | Draft | |
Weakness | CWE-318 | Cleartext Storage of Sensitive Information in Executable | Variant | Simple | Draft | |
Weakness | CWE-32 | Path Traversal: '...' (Triple Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-325 | Missing Cryptographic Step | Base | Simple | Draft | |
Weakness | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Class | Simple | Draft | |
Weakness | CWE-329 | Generation of Predictable IV with CBC Mode | Variant | Simple | Draft | |
Weakness | CWE-33 | Path Traversal: '....' (Multiple Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-330 | Use of Insufficiently Random Values | Class | Simple | Stable | |
Weakness | CWE-331 | Insufficient Entropy | Base | Simple | Draft | |
Weakness | CWE-332 | Insufficient Entropy in PRNG | Variant | Simple | Draft | |
Weakness | CWE-333 | Improper Handling of Insufficient Entropy in TRNG | Variant | Simple | Draft | |
Weakness | CWE-334 | Small Space of Random Values | Base | Simple | Draft | |
Weakness | CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | Base | Simple | Draft | |
Weakness | CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | Variant | Simple | Draft | |
Weakness | CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | Variant | Simple | Draft | |
Weakness | CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Base | Simple | Draft | |
Weakness | CWE-339 | Small Seed Space in PRNG | Variant | Simple | Draft | |
Weakness | CWE-34 | Path Traversal: '....//' | Variant | Simple | Incomplete | |
Weakness | CWE-340 | Generation of Predictable Numbers or Identifiers | Class | Simple | Incomplete | |
Weakness | CWE-341 | Predictable from Observable State | Base | Simple | Draft | |
Weakness | CWE-342 | Predictable Exact Value from Previous Values | Base | Simple | Draft | |
Weakness | CWE-343 | Predictable Value Range from Previous Values | Base | Simple | Draft | |
Weakness | CWE-344 | Use of Invariant Value in Dynamically Changing Context | Base | Simple | Draft | |
Weakness | CWE-345 | Insufficient Verification of Data Authenticity | Class | Simple | Draft | |
Weakness | CWE-346 | Origin Validation Error | Class | Simple | Draft | |
Weakness | CWE-347 | Improper Verification of Cryptographic Signature | Base | Simple | Draft | |
Weakness | CWE-348 | Use of Less Trusted Source | Base | Simple | Draft | |
Weakness | CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | Base | Simple | Draft | |
Weakness | CWE-35 | Path Traversal: '.../...//' | Variant | Simple | Incomplete | |
Weakness | CWE-351 | Insufficient Type Distinction | Base | Simple | Draft | |
Weakness | CWE-353 | Missing Support for Integrity Check | Base | Simple | Draft | |
Weakness | CWE-354 | Improper Validation of Integrity Check Value | Base | Simple | Draft | |
Weakness | CWE-356 | Product UI does not Warn User of Unsafe Actions | Base | Simple | Incomplete | |
Weakness | CWE-357 | Insufficient UI Warning of Dangerous Operations | Base | Simple | Draft | |
Weakness | CWE-358 | Improperly Implemented Security Check for Standard | Base | Simple | Draft | |
Weakness | CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | Base | Simple | Incomplete | |
Weakness | CWE-36 | Absolute Path Traversal | Base | Simple | Draft | |
Weakness | CWE-360 | Trust of System Event Data | Base | Simple | Incomplete | |
Weakness | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Class | Simple | Draft | |
Weakness | CWE-363 | Race Condition Enabling Link Following | Base | Simple | Draft | |
Weakness | CWE-364 | Signal Handler Race Condition | Base | Simple | Incomplete | |
Weakness | CWE-366 | Race Condition within a Thread | Base | Simple | Draft | |
Weakness | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Base | Simple | Incomplete | |
Weakness | CWE-368 | Context Switching Race Condition | Base | Simple | Draft | |
Weakness | CWE-369 | Divide By Zero | Base | Simple | Draft | |
Weakness | CWE-37 | Path Traversal: '/absolute/pathname/here' | Variant | Simple | Draft | |
Weakness | CWE-370 | Missing Check for Certificate Revocation after Initial Check | Variant | Simple | Draft | |
Weakness | CWE-372 | Incomplete Internal State Distinction | Base | Simple | Draft | |
Weakness | CWE-374 | Passing Mutable Objects to an Untrusted Method | Base | Simple | Draft | |
Weakness | CWE-375 | Returning a Mutable Object to an Untrusted Caller | Base | Simple | Draft | |
Weakness | CWE-377 | Insecure Temporary File | Class | Simple | Incomplete | |
Weakness | CWE-378 | Creation of Temporary File With Insecure Permissions | Base | Simple | Draft | |
Weakness | CWE-379 | Creation of Temporary File in Directory with Insecure Permissions | Base | Simple | Incomplete | |
Weakness | CWE-38 | Path Traversal: '\absolute\pathname\here' | Variant | Simple | Draft | |
Weakness | CWE-382 | J2EE Bad Practices: Use of System.exit() | Variant | Simple | Draft | |
Weakness | CWE-383 | J2EE Bad Practices: Direct Use of Threads | Variant | Simple | Draft | |
Weakness | CWE-384 | Session Fixation | Compound | Composite | Incomplete | |
Weakness | CWE-385 | Covert Timing Channel | Base | Simple | Incomplete | |
Weakness | CWE-386 | Symbolic Name not Mapping to Correct Object | Base | Simple | Draft | |
Weakness | CWE-39 | Path Traversal: 'C:dirname' | Variant | Simple | Draft | |
Weakness | CWE-390 | Detection of Error Condition Without Action | Base | Simple | Draft | |
Weakness | CWE-391 | Unchecked Error Condition | Base | Simple | Incomplete | |
Weakness | CWE-392 | Missing Report of Error Condition | Base | Simple | Draft | |
Weakness | CWE-393 | Return of Wrong Status Code | Base | Simple | Draft | |
Weakness | CWE-394 | Unexpected Status Code or Return Value | Base | Simple | Draft | |
Weakness | CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Base | Simple | Draft | |
Weakness | CWE-396 | Declaration of Catch for Generic Exception | Base | Simple | Draft | |
Weakness | CWE-397 | Declaration of Throws for Generic Exception | Base | Simple | Draft | |
Weakness | CWE-40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Variant | Simple | Draft | |
Weakness | CWE-400 | Uncontrolled Resource Consumption | Class | Simple | Draft | |
Weakness | CWE-401 | Missing Release of Memory after Effective Lifetime | Variant | Simple | Draft | |
Weakness | CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Class | Simple | Draft | |
Weakness | CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Base | Simple | Draft | |
Weakness | CWE-404 | Improper Resource Shutdown or Release | Class | Simple | Draft | |
Weakness | CWE-405 | Asymmetric Resource Consumption (Amplification) | Class | Simple | Incomplete | |
Weakness | CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | Class | Simple | Incomplete | |
Weakness | CWE-407 | Inefficient Algorithmic Complexity | Class | Simple | Incomplete | |
Weakness | CWE-408 | Incorrect Behavior Order: Early Amplification | Base | Simple | Draft | |
Weakness | CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | Base | Simple | Incomplete | |
Weakness | CWE-41 | Improper Resolution of Path Equivalence | Base | Simple | Incomplete | |
Weakness | CWE-410 | Insufficient Resource Pool | Base | Simple | Incomplete | |
Weakness | CWE-412 | Unrestricted Externally Accessible Lock | Base | Simple | Incomplete | |
Weakness | CWE-413 | Improper Resource Locking | Base | Simple | Draft | |
Weakness | CWE-414 | Missing Lock Check | Base | Simple | Draft | |
Weakness | CWE-415 | Double Free | Variant | Simple | Draft | |
Weakness | CWE-416 | Use After Free | Variant | Simple | Stable | |
Weakness | CWE-419 | Unprotected Primary Channel | Base | Simple | Draft | |
Weakness | CWE-42 | Path Equivalence: 'filename.' (Trailing Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-420 | Unprotected Alternate Channel | Base | Simple | Draft | |
Weakness | CWE-425 | Direct Request ('Forced Browsing') | Base | Simple | Incomplete | |
Weakness | CWE-426 | Untrusted Search Path | Base | Simple | Stable | |
Weakness | CWE-427 | Uncontrolled Search Path Element | Base | Simple | Draft | |
Weakness | CWE-428 | Unquoted Search Path or Element | Base | Simple | Draft | |
Weakness | CWE-43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-430 | Deployment of Wrong Handler | Base | Simple | Incomplete | |
Weakness | CWE-431 | Missing Handler | Base | Simple | Draft | |
Weakness | CWE-432 | Dangerous Signal Handler not Disabled During Sensitive Operations | Base | Simple | Draft | |
Weakness | CWE-433 | Unparsed Raw Web Content Delivery | Variant | Simple | Incomplete | |
Weakness | CWE-434 | Unrestricted Upload of File with Dangerous Type | Base | Simple | Draft | |
Weakness | CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Pillar | Simple | Draft | |
Weakness | CWE-436 | Interpretation Conflict | Class | Simple | Incomplete | |
Weakness | CWE-437 | Incomplete Model of Endpoint Features | Base | Simple | Incomplete | |
Weakness | CWE-439 | Behavioral Change in New Version or Environment | Base | Simple | Draft | |
Weakness | CWE-44 | Path Equivalence: 'file.name' (Internal Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-440 | Expected Behavior Violation | Base | Simple | Draft | |
Weakness | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | Base | Simple | Incomplete | |
Weakness | CWE-446 | UI Discrepancy for Security Feature | Class | Simple | Incomplete | |
Weakness | CWE-447 | Unimplemented or Unsupported Feature in UI | Base | Simple | Draft | |
Weakness | CWE-448 | Obsolete Feature in UI | Base | Simple | Draft | |
Weakness | CWE-449 | The UI Performs the Wrong Action | Base | Simple | Incomplete | |
Weakness | CWE-45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Variant | Simple | Incomplete | |
Weakness | CWE-450 | Multiple Interpretations of UI Input | Base | Simple | Draft | |
Weakness | CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Class | Simple | Draft | |
Weakness | CWE-453 | Insecure Default Variable Initialization | Variant | Simple | Draft | |
Weakness | CWE-454 | External Initialization of Trusted Variables or Data Stores | Base | Simple | Draft | |
Weakness | CWE-455 | Non-exit on Failed Initialization | Base | Simple | Draft | |
Weakness | CWE-456 | Missing Initialization of a Variable | Variant | Simple | Draft | |
Weakness | CWE-457 | Use of Uninitialized Variable | Variant | Simple | Draft | |
Weakness | CWE-459 | Incomplete Cleanup | Base | Simple | Draft | |
Weakness | CWE-46 | Path Equivalence: 'filename ' (Trailing Space) | Variant | Simple | Incomplete | |
Weakness | CWE-460 | Improper Cleanup on Thrown Exception | Base | Simple | Draft | |
Weakness | CWE-462 | Duplicate Key in Associative List (Alist) | Variant | Simple | Incomplete | |
Weakness | CWE-463 | Deletion of Data Structure Sentinel | Base | Simple | Incomplete | |
Weakness | CWE-464 | Addition of Data Structure Sentinel | Base | Simple | Incomplete | |
Weakness | CWE-466 | Return of Pointer Value Outside of Expected Range | Base | Simple | Draft | |
Weakness | CWE-467 | Use of sizeof() on a Pointer Type | Variant | Simple | Draft | |
Weakness | CWE-468 | Incorrect Pointer Scaling | Base | Simple | Incomplete | |
Weakness | CWE-469 | Use of Pointer Subtraction to Determine Size | Base | Simple | Draft | |
Weakness | CWE-47 | Path Equivalence: ' filename' (Leading Space) | Variant | Simple | Incomplete | |
Weakness | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Base | Simple | Draft | |
Weakness | CWE-471 | Modification of Assumed-Immutable Data (MAID) | Base | Simple | Draft | |
Weakness | CWE-472 | External Control of Assumed-Immutable Web Parameter | Base | Simple | Draft | |
Weakness | CWE-473 | PHP External Variable Modification | Variant | Simple | Draft | |
Weakness | CWE-474 | Use of Function with Inconsistent Implementations | Base | Simple | Draft | |
Weakness | CWE-475 | Undefined Behavior for Input to API | Base | Simple | Incomplete | |
Weakness | CWE-476 | NULL Pointer Dereference | Base | Simple | Stable | |
Weakness | CWE-477 | Use of Obsolete Function | Base | Simple | Draft | |
Weakness | CWE-478 | Missing Default Case in Multiple Condition Expression | Base | Simple | Draft | |
Weakness | CWE-479 | Signal Handler Use of a Non-reentrant Function | Variant | Simple | Draft | |
Weakness | CWE-48 | Path Equivalence: 'file name' (Internal Whitespace) | Variant | Simple | Incomplete | |
Weakness | CWE-480 | Use of Incorrect Operator | Base | Simple | Draft | |
Weakness | CWE-481 | Assigning instead of Comparing | Variant | Simple | Draft | |
Weakness | CWE-482 | Comparing instead of Assigning | Variant | Simple | Draft | |
Weakness | CWE-483 | Incorrect Block Delimitation | Base | Simple | Draft | |
Weakness | CWE-484 | Omitted Break Statement in Switch | Base | Simple | Draft | |
Weakness | CWE-486 | Comparison of Classes by Name | Variant | Simple | Draft | |
Weakness | CWE-487 | Reliance on Package-level Scope | Base | Simple | Incomplete | |
Weakness | CWE-488 | Exposure of Data Element to Wrong Session | Base | Simple | Draft | |
Weakness | CWE-489 | Active Debug Code | Base | Simple | Draft | |
Weakness | CWE-49 | Path Equivalence: 'filename/' (Trailing Slash) | Variant | Simple | Incomplete | |
Weakness | CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | Variant | Simple | Draft | |
Weakness | CWE-492 | Use of Inner Class Containing Sensitive Data | Variant | Simple | Draft | |
Weakness | CWE-493 | Critical Public Variable Without Final Modifier | Variant | Simple | Draft | |
Weakness | CWE-494 | Download of Code Without Integrity Check | Base | Simple | Draft | |
Weakness | CWE-495 | Private Data Structure Returned From A Public Method | Variant | Simple | Draft | |
Weakness | CWE-496 | Public Data Assigned to Private Array-Typed Field | Variant | Simple | Incomplete | |
Weakness | CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Base | Simple | Incomplete | |
Weakness | CWE-498 | Cloneable Class Containing Sensitive Information | Variant | Simple | Draft | |
Weakness | CWE-499 | Serializable Class Containing Sensitive Data | Variant | Simple | Draft | |
Weakness | CWE-5 | J2EE Misconfiguration: Data Transmission Without Encryption | Variant | Simple | Draft | |
Weakness | CWE-50 | Path Equivalence: '//multiple/leading/slash' | Variant | Simple | Incomplete | |
Weakness | CWE-500 | Public Static Field Not Marked Final | Variant | Simple | Draft | |
Weakness | CWE-502 | Deserialization of Untrusted Data | Base | Simple | Draft | |
Weakness | CWE-506 | Embedded Malicious Code | Class | Simple | Incomplete | |
Weakness | CWE-507 | Trojan Horse | Base | Simple | Incomplete | |
Weakness | CWE-508 | Non-Replicating Malicious Code | Base | Simple | Incomplete | |
Weakness | CWE-509 | Replicating Malicious Code (Virus or Worm) | Base | Simple | Incomplete | |
Weakness | CWE-51 | Path Equivalence: '/multiple//internal/slash' | Variant | Simple | Incomplete | |
Weakness | CWE-510 | Trapdoor | Base | Simple | Incomplete | |
Weakness | CWE-511 | Logic/Time Bomb | Base | Simple | Incomplete | |
Weakness | CWE-512 | Spyware | Base | Simple | Incomplete | |
Weakness | CWE-514 | Covert Channel | Class | Simple | Incomplete | |
Weakness | CWE-515 | Covert Storage Channel | Base | Simple | Incomplete | |
Weakness | CWE-52 | Path Equivalence: '/multiple/trailing/slash//' | Variant | Simple | Incomplete | |
Weakness | CWE-520 | .NET Misconfiguration: Use of Impersonation | Variant | Simple | Incomplete | |
Weakness | CWE-521 | Weak Password Requirements | Base | Simple | Draft | |
Weakness | CWE-522 | Insufficiently Protected Credentials | Class | Simple | Incomplete | |
Weakness | CWE-524 | Use of Cache Containing Sensitive Information | Base | Simple | Incomplete | |
Weakness | CWE-525 | Use of Web Browser Cache Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-526 | Cleartext Storage of Sensitive Information in an Environment Variable | Variant | Simple | Incomplete | |
Weakness | CWE-53 | Path Equivalence: '\multiple\\internal\backslash' | Variant | Simple | Incomplete | |
Weakness | CWE-532 | Insertion of Sensitive Information into Log File | Base | Simple | Incomplete | |
Weakness | CWE-535 | Exposure of Information Through Shell Error Message | Variant | Simple | Incomplete | |
Weakness | CWE-536 | Servlet Runtime Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-537 | Java Runtime Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | Base | Simple | Draft | |
Weakness | CWE-539 | Use of Persistent Cookies Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-54 | Path Equivalence: 'filedir\' (Trailing Backslash) | Variant | Simple | Incomplete | |
Weakness | CWE-540 | Inclusion of Sensitive Information in Source Code | Base | Simple | Incomplete | |
Weakness | CWE-541 | Inclusion of Sensitive Information in an Include File | Variant | Simple | Incomplete | |
Weakness | CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | Variant | Simple | Incomplete | |
Weakness | CWE-546 | Suspicious Comment | Variant | Simple | Draft | |
Weakness | CWE-547 | Use of Hard-coded, Security-relevant Constants | Base | Simple | Draft | |
Weakness | CWE-548 | Exposure of Information Through Directory Listing | Variant | Simple | Draft | |
Weakness | CWE-549 | Missing Password Field Masking | Base | Simple | Draft | |
Weakness | CWE-55 | Path Equivalence: '/./' (Single Dot Directory) | Variant | Simple | Incomplete | |
Weakness | CWE-550 | Server-generated Error Message Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | Base | Simple | Incomplete | |
Weakness | CWE-552 | Files or Directories Accessible to External Parties | Base | Simple | Draft | |
Weakness | CWE-553 | Command Shell in Externally Accessible Directory | Variant | Simple | Incomplete | |
Weakness | CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Variant | Simple | Draft | |
Weakness | CWE-555 | J2EE Misconfiguration: Plaintext Password in Configuration File | Variant | Simple | Draft | |
Weakness | CWE-556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Variant | Simple | Incomplete | |
Weakness | CWE-558 | Use of getlogin() in Multithreaded Application | Variant | Simple | Draft | |
Weakness | CWE-56 | Path Equivalence: 'filedir*' (Wildcard) | Variant | Simple | Incomplete | |
Weakness | CWE-560 | Use of umask() with chmod-style Argument | Variant | Simple | Draft | |
Weakness | CWE-561 | Dead Code | Base | Simple | Draft | |
Weakness | CWE-562 | Return of Stack Variable Address | Base | Simple | Draft | |
Weakness | CWE-563 | Assignment to Variable without Use | Base | Simple | Draft | |
Weakness | CWE-564 | SQL Injection: Hibernate | Variant | Simple | Incomplete | |
Weakness | CWE-565 | Reliance on Cookies without Validation and Integrity Checking | Base | Simple | Incomplete | |
Weakness | CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | Variant | Simple | Incomplete | |
Weakness | CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context | Base | Simple | Draft | |
Weakness | CWE-568 | finalize() Method Without super.finalize() | Variant | Simple | Draft | |
Weakness | CWE-57 | Path Equivalence: 'fakedir/../realdir/filename' | Variant | Simple | Incomplete | |
Weakness | CWE-570 | Expression is Always False | Base | Simple | Draft | |
Weakness | CWE-571 | Expression is Always True | Base | Simple | Draft | |
Weakness | CWE-572 | Call to Thread run() instead of start() | Variant | Simple | Draft | |
Weakness | CWE-573 | Improper Following of Specification by Caller | Class | Simple | Draft | |
Weakness | CWE-574 | EJB Bad Practices: Use of Synchronization Primitives | Variant | Simple | Draft | |
Weakness | CWE-575 | EJB Bad Practices: Use of AWT Swing | Variant | Simple | Draft | |
Weakness | CWE-576 | EJB Bad Practices: Use of Java I/O | Variant | Simple | Draft | |
Weakness | CWE-577 | EJB Bad Practices: Use of Sockets | Variant | Simple | Draft | |
Weakness | CWE-578 | EJB Bad Practices: Use of Class Loader | Variant | Simple | Draft | |
Weakness | CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Variant | Simple | Draft | |
Weakness | CWE-58 | Path Equivalence: Windows 8.3 Filename | Variant | Simple | Incomplete | |
Weakness | CWE-580 | clone() Method Without super.clone() | Variant | Simple | Draft | |
Weakness | CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | Variant | Simple | Draft | |
Weakness | CWE-582 | Array Declared Public, Final, and Static | Variant | Simple | Draft | |
Weakness | CWE-583 | finalize() Method Declared Public | Variant | Simple | Incomplete | |
Weakness | CWE-584 | Return Inside Finally Block | Base | Simple | Draft | |
Weakness | CWE-585 | Empty Synchronized Block | Variant | Simple | Draft | |
Weakness | CWE-586 | Explicit Call to Finalize() | Base | Simple | Draft | |
Weakness | CWE-587 | Assignment of a Fixed Address to a Pointer | Variant | Simple | Draft | |
Weakness | CWE-588 | Attempt to Access Child of a Non-structure Pointer | Variant | Simple | Incomplete | |
Weakness | CWE-589 | Call to Non-ubiquitous API | Variant | Simple | Incomplete | |
Weakness | CWE-59 | Improper Link Resolution Before File Access ('Link Following') | Base | Simple | Draft | |
Weakness | CWE-590 | Free of Memory not on the Heap | Variant | Simple | Incomplete | |
Weakness | CWE-591 | Sensitive Data Storage in Improperly Locked Memory | Variant | Simple | Draft | |
Weakness | CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | Variant | Simple | Draft | |
Weakness | CWE-594 | J2EE Framework: Saving Unserializable Objects to Disk | Variant | Simple | Incomplete | |
Weakness | CWE-595 | Comparison of Object References Instead of Object Contents | Variant | Simple | Incomplete | |
Weakness | CWE-597 | Use of Wrong Operator in String Comparison | Variant | Simple | Draft | |
Weakness | CWE-598 | Use of GET Request Method With Sensitive Query Strings | Variant | Simple | Draft | |
Weakness | CWE-599 | Missing Validation of OpenSSL Certificate | Variant | Simple | Incomplete | |
Weakness | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | Variant | Simple | Incomplete | |
Weakness | CWE-600 | Uncaught Exception in Servlet | Variant | Simple | Draft | |
Weakness | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | Base | Simple | Draft | |
Weakness | CWE-603 | Use of Client-Side Authentication | Base | Simple | Draft | |
Weakness | CWE-605 | Multiple Binds to the Same Port | Variant | Simple | Draft | |
Weakness | CWE-606 | Unchecked Input for Loop Condition | Base | Simple | Draft | |
Weakness | CWE-607 | Public Static Final Field References Mutable Object | Variant | Simple | Draft | |
Weakness | CWE-608 | Struts: Non-private Field in ActionForm Class | Variant | Simple | Draft | |
Weakness | CWE-609 | Double-Checked Locking | Base | Simple | Draft | |
Weakness | CWE-61 | UNIX Symbolic Link (Symlink) Following | Compound | Composite | Incomplete | |
Weakness | CWE-611 | Improper Restriction of XML External Entity Reference | Base | Simple | Draft | |
Weakness | CWE-612 | Improper Authorization of Index Containing Sensitive Information | Base | Simple | Draft | |
Weakness | CWE-613 | Insufficient Session Expiration | Base | Simple | Incomplete | |
Weakness | CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Variant | Simple | Draft | |
Weakness | CWE-615 | Inclusion of Sensitive Information in Source Code Comments | Variant | Simple | Incomplete | |
Weakness | CWE-616 | Incomplete Identification of Uploaded File Variables (PHP) | Variant | Simple | Incomplete | |
Weakness | CWE-617 | Reachable Assertion | Base | Simple | Draft | |
Weakness | CWE-618 | Exposed Unsafe ActiveX Method | Variant | Simple | Incomplete | |
Weakness | CWE-619 | Dangling Database Cursor ('Cursor Injection') | Base | Simple | Incomplete | |
Weakness | CWE-62 | UNIX Hard Link | Variant | Simple | Incomplete | |
Weakness | CWE-620 | Unverified Password Change | Base | Simple | Draft | |
Weakness | CWE-621 | Variable Extraction Error | Variant | Simple | Incomplete | |
Weakness | CWE-622 | Improper Validation of Function Hook Arguments | Variant | Simple | Draft | |
Weakness | CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting | Variant | Simple | Draft | |
Weakness | CWE-624 | Executable Regular Expression Error | Base | Simple | Incomplete | |
Weakness | CWE-625 | Permissive Regular Expression | Base | Simple | Draft | |
Weakness | CWE-626 | Null Byte Interaction Error (Poison Null Byte) | Variant | Simple | Draft | |
Weakness | CWE-627 | Dynamic Variable Evaluation | Variant | Simple | Incomplete | |
Weakness | CWE-628 | Function Call with Incorrectly Specified Arguments | Base | Simple | Draft | |
Weakness | CWE-636 | Not Failing Securely ('Failing Open') | Class | Simple | Draft | |
Weakness | CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Class | Simple | Draft | |
Weakness | CWE-638 | Not Using Complete Mediation | Class | Simple | Draft | |
Weakness | CWE-640 | Weak Password Recovery Mechanism for Forgotten Password | Base | Simple | Incomplete | |
Weakness | CWE-641 | Improper Restriction of Names for Files and Other Resources | Base | Simple | Incomplete | |
Weakness | CWE-642 | External Control of Critical State Data | Class | Simple | Draft | |
Weakness | CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Base | Simple | Incomplete | |
Weakness | CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Variant | Simple | Incomplete | |
Weakness | CWE-646 | Reliance on File Name or Extension of Externally-Supplied File | Variant | Simple | Incomplete | |
Weakness | CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | Variant | Simple | Incomplete | |
Weakness | CWE-648 | Incorrect Use of Privileged APIs | Base | Simple | Incomplete | |
Weakness | CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Base | Simple | Incomplete | |
Weakness | CWE-65 | Windows Hard Link | Variant | Simple | Incomplete | |
Weakness | CWE-650 | Trusting HTTP Permission Methods on the Server Side | Variant | Simple | Incomplete | |
Weakness | CWE-651 | Exposure of WSDL File Containing Sensitive Information | Variant | Simple | Incomplete | |
Weakness | CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Base | Simple | Incomplete | |
Weakness | CWE-653 | Improper Isolation or Compartmentalization | Class | Simple | Draft | |
Weakness | CWE-654 | Reliance on a Single Factor in a Security Decision | Base | Simple | Draft | |
Weakness | CWE-656 | Reliance on Security Through Obscurity | Class | Simple | Draft | |
Weakness | CWE-657 | Violation of Secure Design Principles | Class | Simple | Draft | |
Weakness | CWE-66 | Improper Handling of File Names that Identify Virtual Resources | Base | Simple | Draft | |
Weakness | CWE-662 | Improper Synchronization | Class | Simple | Draft | |
Weakness | CWE-663 | Use of a Non-reentrant Function in a Concurrent Context | Base | Simple | Draft | |
Weakness | CWE-664 | Improper Control of a Resource Through its Lifetime | Pillar | Simple | Draft | |
Weakness | CWE-665 | Improper Initialization | Class | Simple | Draft | |
Weakness | CWE-666 | Operation on Resource in Wrong Phase of Lifetime | Class | Simple | Draft | |
Weakness | CWE-667 | Improper Locking | Class | Simple | Draft | |
Weakness | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
Weakness | CWE-669 | Incorrect Resource Transfer Between Spheres | Class | Simple | Draft | |
Weakness | CWE-67 | Improper Handling of Windows Device Names | Variant | Simple | Incomplete | |
Weakness | CWE-670 | Always-Incorrect Control Flow Implementation | Class | Simple | Draft | |
Weakness | CWE-671 | Lack of Administrator Control over Security | Class | Simple | Draft | |
Weakness | CWE-672 | Operation on a Resource after Expiration or Release | Class | Simple | Draft | |
Weakness | CWE-673 | External Influence of Sphere Definition | Class | Simple | Draft | |
Weakness | CWE-674 | Uncontrolled Recursion | Class | Simple | Draft | |
Weakness | CWE-675 | Multiple Operations on Resource in Single-Operation Context | Class | Simple | Draft | |
Weakness | CWE-676 | Use of Potentially Dangerous Function | Base | Simple | Draft | |
Weakness | CWE-681 | Incorrect Conversion between Numeric Types | Base | Simple | Draft | |
Weakness | CWE-682 | Incorrect Calculation | Pillar | Simple | Draft | |
Weakness | CWE-683 | Function Call With Incorrect Order of Arguments | Variant | Simple | Draft | |
Weakness | CWE-684 | Incorrect Provision of Specified Functionality | Class | Simple | Draft | |
Weakness | CWE-685 | Function Call With Incorrect Number of Arguments | Variant | Simple | Draft | |
Weakness | CWE-686 | Function Call With Incorrect Argument Type | Variant | Simple | Draft | |
Weakness | CWE-687 | Function Call With Incorrectly Specified Argument Value | Variant | Simple | Draft | |
Weakness | CWE-688 | Function Call With Incorrect Variable or Reference as Argument | Variant | Simple | Draft | |
Weakness | CWE-689 | Permission Race Condition During Resource Copy | Compound | Composite | Draft | |
Weakness | CWE-69 | Improper Handling of Windows ::DATA Alternate Data Stream | Variant | Simple | Incomplete | |
Weakness | CWE-690 | Unchecked Return Value to NULL Pointer Dereference | Compound | Chain | Draft | |
Weakness | CWE-691 | Insufficient Control Flow Management | Pillar | Simple | Draft | |
Weakness | CWE-693 | Protection Mechanism Failure | Pillar | Simple | Draft | |
Weakness | CWE-694 | Use of Multiple Resources with Duplicate Identifier | Base | Simple | Incomplete | |
Weakness | CWE-695 | Use of Low-Level Functionality | Base | Simple | Incomplete | |
Weakness | CWE-696 | Incorrect Behavior Order | Class | Simple | Incomplete | |
Weakness | CWE-697 | Incorrect Comparison | Pillar | Simple | Incomplete | |
Weakness | CWE-698 | Execution After Redirect (EAR) | Base | Simple | Incomplete | |
Weakness | CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | Variant | Simple | Incomplete | |
Weakness | CWE-703 | Improper Check or Handling of Exceptional Conditions | Pillar | Simple | Incomplete | |
Weakness | CWE-704 | Incorrect Type Conversion or Cast | Class | Simple | Incomplete | |
Weakness | CWE-705 | Incorrect Control Flow Scoping | Class | Simple | Incomplete | |
Weakness | CWE-706 | Use of Incorrectly-Resolved Name or Reference | Class | Simple | Incomplete | |
Weakness | CWE-707 | Improper Neutralization | Pillar | Simple | Incomplete | |
Weakness | CWE-708 | Incorrect Ownership Assignment | Base | Simple | Incomplete | |
Weakness | CWE-710 | Improper Adherence to Coding Standards | Pillar | Simple | Incomplete | |
Weakness | CWE-72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | Variant | Simple | Incomplete | |
Weakness | CWE-73 | External Control of File Name or Path | Base | Simple | Draft | |
Weakness | CWE-732 | Incorrect Permission Assignment for Critical Resource | Class | Simple | Draft | |
Weakness | CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Class | Simple | Incomplete | |
Weakness | CWE-749 | Exposed Dangerous Method or Function | Base | Simple | Incomplete | |
Weakness | CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Class | Simple | Draft | |
Weakness | CWE-754 | Improper Check for Unusual or Exceptional Conditions | Class | Simple | Incomplete | |
Weakness | CWE-755 | Improper Handling of Exceptional Conditions | Class | Simple | Incomplete | |
Weakness | CWE-759 | Use of a One-Way Hash without a Salt | Variant | Simple | Incomplete | |
Weakness | CWE-76 | Improper Neutralization of Equivalent Special Elements | Base | Simple | Draft | |
Weakness | CWE-760 | Use of a One-Way Hash with a Predictable Salt | Variant | Simple | Incomplete | |
Weakness | CWE-761 | Free of Pointer not at Start of Buffer | Variant | Simple | Incomplete | |
Weakness | CWE-762 | Mismatched Memory Management Routines | Variant | Simple | Incomplete | |
Weakness | CWE-763 | Release of Invalid Pointer or Reference | Base | Simple | Incomplete | |
Weakness | CWE-764 | Multiple Locks of a Critical Resource | Base | Simple | Incomplete | |
Weakness | CWE-765 | Multiple Unlocks of a Critical Resource | Base | Simple | Incomplete | |
Weakness | CWE-766 | Critical Data Element Declared Public | Base | Simple | Incomplete | |
Weakness | CWE-767 | Access to Critical Private Variable via Public Method | Base | Simple | Incomplete | |
Weakness | CWE-768 | Incorrect Short Circuit Evaluation | Variant | Simple | Incomplete | |
Weakness | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Class | Simple | Draft | |
Weakness | CWE-770 | Allocation of Resources Without Limits or Throttling | Base | Simple | Incomplete | |
Weakness | CWE-771 | Missing Reference to Active Allocated Resource | Base | Simple | Incomplete | |
Weakness | CWE-772 | Missing Release of Resource after Effective Lifetime | Base | Simple | Draft | |
Weakness | CWE-773 | Missing Reference to Active File Descriptor or Handle | Variant | Simple | Incomplete | |
Weakness | CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling | Variant | Simple | Incomplete | |
Weakness | CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Variant | Simple | Incomplete | |
Weakness | CWE-776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | Base | Simple | Draft | |
Weakness | CWE-777 | Regular Expression without Anchors | Variant | Simple | Incomplete | |
Weakness | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Base | Simple | Stable | |
Weakness | CWE-780 | Use of RSA Algorithm without OAEP | Variant | Simple | Incomplete | |
Weakness | CWE-781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | Variant | Simple | Draft | |
Weakness | CWE-782 | Exposed IOCTL with Insufficient Access Control | Variant | Simple | Draft | |
Weakness | CWE-783 | Operator Precedence Logic Error | Base | Simple | Draft | |
Weakness | CWE-784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Variant | Simple | Draft | |
Weakness | CWE-785 | Use of Path Manipulation Function without Maximum-sized Buffer | Variant | Simple | Incomplete | |
Weakness | CWE-787 | Out-of-bounds Write | Base | Simple | Draft | |
Weakness | CWE-789 | Memory Allocation with Excessive Size Value | Variant | Simple | Draft | |
Weakness | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Base | Simple | Stable | |
Weakness | CWE-790 | Improper Filtering of Special Elements | Class | Simple | Incomplete | |
Weakness | CWE-791 | Incomplete Filtering of Special Elements | Base | Simple | Incomplete | |
Weakness | CWE-792 | Incomplete Filtering of One or More Instances of Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-793 | Only Filtering One Instance of a Special Element | Variant | Simple | Incomplete | |
Weakness | CWE-794 | Incomplete Filtering of Multiple Instances of Special Elements | Variant | Simple | Incomplete | |
Weakness | CWE-795 | Only Filtering Special Elements at a Specified Location | Base | Simple | Incomplete | |
Weakness | CWE-796 | Only Filtering Special Elements Relative to a Marker | Variant | Simple | Incomplete | |
Weakness | CWE-797 | Only Filtering Special Elements at an Absolute Position | Variant | Simple | Incomplete | |
Weakness | CWE-799 | Improper Control of Interaction Frequency | Class | Simple | Incomplete | |
Weakness | CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | Variant | Simple | Incomplete | |
Weakness | CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Variant | Simple | Incomplete | |
Weakness | CWE-804 | Guessable CAPTCHA | Base | Simple | Incomplete | |
Weakness | CWE-805 | Buffer Access with Incorrect Length Value | Base | Simple | Incomplete | |
Weakness | CWE-806 | Buffer Access Using Size of Source Buffer | Variant | Simple | Incomplete | |
Weakness | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Base | Simple | Incomplete | |
Weakness | CWE-81 | Improper Neutralization of Script in an Error Message Web Page | Variant | Simple | Incomplete | |
Weakness | CWE-82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | Variant | Simple | Incomplete | |
Weakness | CWE-827 | Improper Control of Document Type Definition | Variant | Simple | Incomplete | |
Weakness | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | Base | Simple | Incomplete | |
Weakness | CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | Variant | Simple | Draft | |
Weakness | CWE-830 | Inclusion of Web Functionality from an Untrusted Source | Variant | Simple | Incomplete | |
Weakness | CWE-836 | Use of Password Hash Instead of Password for Authentication | Base | Simple | Incomplete | |
Weakness | CWE-84 | Improper Neutralization of Encoded URI Schemes in a Web Page | Variant | Simple | Draft | |
Weakness | CWE-841 | Improper Enforcement of Behavioral Workflow | Base | Simple | Incomplete | |
Weakness | CWE-842 | Placement of User into Incorrect Group | Base | Simple | Incomplete | |
Weakness | CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Base | Simple | Incomplete | |
Weakness | CWE-85 | Doubled Character XSS Manipulations | Variant | Simple | Draft | |
Weakness | CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | Variant | Simple | Draft | |
Weakness | CWE-862 | Missing Authorization | Class | Simple | Incomplete | |
Weakness | CWE-863 | Incorrect Authorization | Class | Simple | Incomplete | |
Weakness | CWE-87 | Improper Neutralization of Alternate XSS Syntax | Variant | Simple | Draft | |
Weakness | CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Base | Simple | Draft | |
Weakness | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Base | Simple | Stable | |
Weakness | CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | Variant | Simple | Draft | |
Weakness | CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Base | Simple | Draft | |
Weakness | CWE-908 | Use of Uninitialized Resource | Base | Simple | Incomplete | |
Weakness | CWE-909 | Missing Initialization of Resource | Class | Simple | Incomplete | |
Weakness | CWE-91 | XML Injection (aka Blind XPath Injection) | Base | Simple | Draft | |
Weakness | CWE-910 | Use of Expired File Descriptor | Base | Simple | Incomplete | |
Weakness | CWE-911 | Improper Update of Reference Count | Base | Simple | Incomplete | |
Weakness | CWE-912 | Hidden Functionality | Class | Simple | Incomplete | |
Weakness | CWE-913 | Improper Control of Dynamically-Managed Code Resources | Class | Simple | Incomplete | |
Weakness | CWE-914 | Improper Control of Dynamically-Identified Variables | Base | Simple | Incomplete | |
Weakness | CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Base | Simple | Incomplete | |
Weakness | CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | Base | Simple | Incomplete | |
Weakness | CWE-918 | Server-Side Request Forgery (SSRF) | Base | Simple | Incomplete | |
Weakness | CWE-922 | Insecure Storage of Sensitive Information | Class | Simple | Incomplete | |
Weakness | CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Base | Simple | Draft | |
Weakness | CWE-939 | Improper Authorization in Handler for Custom URL Scheme | Base | Simple | Incomplete | |
Weakness | CWE-94 | Improper Control of Generation of Code ('Code Injection') | Base | Simple | Draft | |
Weakness | CWE-940 | Improper Verification of Source of a Communication Channel | Base | Simple | Incomplete | |
Weakness | CWE-941 | Incorrectly Specified Destination in a Communication Channel | Base | Simple | Incomplete | |
Weakness | CWE-942 | Permissive Cross-domain Policy with Untrusted Domains | Variant | Simple | Incomplete | |
Weakness | CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | Class | Simple | Incomplete | |
Weakness | CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Variant | Simple | Incomplete | |
Weakness | CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Base | Simple | Draft | |
Weakness | CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | Variant | Simple | Draft | |
Weakness | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Variant | Simple | Draft | |
Weakness | CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Class | Simple | Draft |
Charts: CVEs Published, CVSS Severity, CVSS Severity - By Year, CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|