CWE-702: Weaknesses Introduced During Implementation

ID CWE-702
Type Implicit
Status Incomplete
Number of CVEs 1
This view (slice) lists weaknesses that can be introduced during implementation.

Relationships

Type # ID Name Abstraction Structure Status
Weakness CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag Variant Simple Incomplete
Weakness CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User Base Simple Incomplete
Weakness CWE-102 Struts: Duplicate Validation Forms Variant Simple Incomplete
Weakness CWE-1021 Improper Restriction of Rendered UI Layers or Frames Base Simple Incomplete
Weakness CWE-1022 Use of Web Link to Untrusted Target with window.opener Access Variant Simple Incomplete
Weakness CWE-1023 Incomplete Comparison with Missing Factors Class Simple Incomplete
Weakness CWE-1024 Comparison of Incompatible Types Base Simple Incomplete
Weakness CWE-1025 Comparison Using Wrong Factors Base Simple Incomplete
Weakness CWE-103 Struts: Incomplete validate() Method Definition Variant Simple Draft
Weakness CWE-104 Struts: Form Bean Does Not Extend Validation Class Variant Simple Draft
Weakness CWE-105 Struts: Form Field Without Validator Variant Simple Draft
Weakness CWE-106 Struts: Plug-in Framework not in Use Variant Simple Draft
Weakness CWE-1068 Inconsistency Between Implementation and Documented Design Base Simple Incomplete
Weakness CWE-107 Struts: Unused Validation Form Variant Simple Draft
Weakness CWE-108 Struts: Unvalidated Action Form Variant Simple Incomplete
Weakness CWE-109 Struts: Validator Turned Off Variant Simple Draft
Weakness CWE-11 ASP.NET Misconfiguration: Creating Debug Binary Variant Simple Draft
Weakness CWE-110 Struts: Validator Without Form Field Variant Simple Draft
Weakness CWE-111 Direct Use of Unsafe JNI Variant Simple Draft
Weakness CWE-112 Missing XML Validation Base Simple Draft
Weakness CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Variant Simple Incomplete
Weakness CWE-114 Process Control Class Simple Incomplete
Weakness CWE-115 Misinterpretation of Input Base Simple Incomplete
Weakness CWE-116 Improper Encoding or Escaping of Output Class Simple Draft
Weakness CWE-117 Improper Output Neutralization for Logs Base Simple Draft
Weakness CWE-1173 Improper Use of Validation Framework Base Simple Draft
Weakness CWE-1174 ASP.NET Misconfiguration: Improper Model Validation Variant Simple Draft
Weakness CWE-1176 Inefficient CPU Computation Class Simple Incomplete
Weakness CWE-1177 Use of Prohibited Code Class Simple Incomplete
Weakness CWE-118 Incorrect Access of Indexable Resource ('Range Error') Class Simple Incomplete
Weakness CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) Base Simple Stable
Weakness CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Class Simple Stable
Weakness CWE-1191 On-Chip Debug and Test Interface With Improper Access Control Base Simple Stable
Weakness CWE-1192 Improper Identifier for IP Block used in System-On-Chip (SOC) Base Simple Draft
Weakness CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page Variant Simple Draft
Weakness CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Base Simple Incomplete
Weakness CWE-1204 Generation of Weak Initialization Vector (IV) Base Simple Incomplete
Weakness CWE-1209 Failure to Disable Reserved Bits Base Simple Incomplete
Weakness CWE-121 Stack-based Buffer Overflow Variant Simple Draft
Weakness CWE-122 Heap-based Buffer Overflow Variant Simple Draft
Weakness CWE-1220 Insufficient Granularity of Access Control Base Simple Incomplete
Weakness CWE-1221 Incorrect Register Defaults or Module Parameters Base Simple Incomplete
Weakness CWE-1224 Improper Restriction of Write-Once Bit Fields Base Simple Incomplete
Weakness CWE-123 Write-what-where Condition Base Simple Draft
Weakness CWE-1231 Improper Prevention of Lock Bit Modification Base Simple Stable
Weakness CWE-1232 Improper Lock Behavior After Power State Transition Base Simple Incomplete
Weakness CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection Base Simple Stable
Weakness CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks Base Simple Incomplete
Weakness CWE-1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations Base Simple Incomplete
Weakness CWE-1236 Improper Neutralization of Formula Elements in a CSV File Base Simple Incomplete
Weakness CWE-1239 Improper Zeroization of Hardware Register Variant Simple Draft
Weakness CWE-124 Buffer Underwrite ('Buffer Underflow') Base Simple Incomplete
Weakness CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation Base Simple Draft
Weakness CWE-1241 Use of Predictable Algorithm in Random Number Generator Base Simple Draft
Weakness CWE-1242 Inclusion of Undocumented Features or Chicken Bits Base Simple Incomplete
Weakness CWE-1243 Sensitive Non-Volatile Information Not Protected During Debug Base Simple Incomplete
Weakness CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State Base Simple Stable
Weakness CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic Base Simple Incomplete
Weakness CWE-1246 Improper Write Handling in Limited-write Non-Volatile Memories Base Simple Incomplete
Weakness CWE-1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System Base Simple Incomplete
Weakness CWE-125 Out-of-bounds Read Base Simple Draft
Weakness CWE-1253 Incorrect Selection of Fuse Values Base Simple Draft
Weakness CWE-1254 Incorrect Comparison Logic Granularity Base Simple Draft
Weakness CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks Variant Simple Draft
Weakness CWE-1256 Improper Restriction of Software Interfaces to Hardware Features Base Simple Stable
Weakness CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions Base Simple Incomplete
Weakness CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information Base Simple Draft
Weakness CWE-1259 Improper Restriction of Security Token Assignment Base Simple Incomplete
Weakness CWE-126 Buffer Over-read Variant Simple Draft
Weakness CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges Base Simple Stable
Weakness CWE-1261 Improper Handling of Single Event Upsets Base Simple Draft
Weakness CWE-1262 Improper Access Control for Register Interface Base Simple Stable
Weakness CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels Base Simple Incomplete
Weakness CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device Base Simple Incomplete
Weakness CWE-1267 Policy Uses Obsolete Encoding Base Simple Draft
Weakness CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents Base Simple Draft
Weakness CWE-1269 Product Released in Non-Release Configuration Base Simple Incomplete
Weakness CWE-127 Buffer Under-read Variant Simple Draft
Weakness CWE-1270 Generation of Incorrect Security Tokens Base Simple Incomplete
Weakness CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings Base Simple Incomplete
Weakness CWE-1275 Sensitive Cookie with Improper SameSite Attribute Variant Simple Incomplete
Weakness CWE-1276 Hardware Child Block Incorrectly Connected to Parent System Base Simple Incomplete
Weakness CWE-1277 Firmware Not Updateable Base Simple Draft
Weakness CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready Base Simple Incomplete
Weakness CWE-128 Wrap-around Error Base Simple Incomplete
Weakness CWE-1280 Access Control Check Implemented After Asset is Accessed Base Simple Incomplete
Weakness CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior Base Simple Incomplete
Weakness CWE-1282 Assumed-Immutable Data is Stored in Writable Memory Base Simple Incomplete
Weakness CWE-1283 Mutable Attestation or Measurement Reporting Data Base Simple Incomplete
Weakness CWE-1284 Improper Validation of Specified Quantity in Input Base Simple Incomplete
Weakness CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input Base Simple Incomplete
Weakness CWE-1286 Improper Validation of Syntactic Correctness of Input Base Simple Incomplete
Weakness CWE-1287 Improper Validation of Specified Type of Input Base Simple Incomplete
Weakness CWE-1288 Improper Validation of Consistency within Input Base Simple Incomplete
Weakness CWE-1289 Improper Validation of Unsafe Equivalence in Input Base Simple Incomplete
Weakness CWE-129 Improper Validation of Array Index Variant Simple Draft
Weakness CWE-1290 Incorrect Decoding of Security Identifiers Base Simple Incomplete
Weakness CWE-1291 Public Key Re-Use for Signing both Debug and Production Code Base Simple Draft
Weakness CWE-1292 Incorrect Conversion of Security Identifiers Base Simple Draft
Weakness CWE-1293 Missing Source Correlation of Multiple Independent Data Base Simple Draft
Weakness CWE-1294 Insecure Security Identifier Mechanism Class Simple Incomplete
Weakness CWE-1295 Debug Messages Revealing Unnecessary Information Base Simple Incomplete
Weakness CWE-1296 Incorrect Chaining or Granularity of Debug Components Base Simple Incomplete
Weakness CWE-1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors Base Simple Incomplete
Weakness CWE-1298 Hardware Logic Contains Race Conditions Base Simple Draft
Weakness CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface Base Simple Draft
Weakness CWE-13 ASP.NET Misconfiguration: Password in Configuration File Variant Simple Draft
Weakness CWE-130 Improper Handling of Length Parameter Inconsistency Base Simple Incomplete
Weakness CWE-1300 Improper Protection of Physical Side Channels Base Simple Stable
Weakness CWE-1301 Insufficient or Incomplete Data Removal within Hardware Component Base Simple Incomplete
Weakness CWE-1302 Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) Base Simple Incomplete
Weakness CWE-1303 Non-Transparent Sharing of Microarchitectural Resources Base Simple Draft
Weakness CWE-131 Incorrect Calculation of Buffer Size Base Simple Draft
Weakness CWE-1310 Missing Ability to Patch ROM Code Base Simple Draft
Weakness CWE-1311 Improper Translation of Security Attributes by Fabric Bridge Base Simple Draft
Weakness CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall Base Simple Draft
Weakness CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime Base Simple Draft
Weakness CWE-1314 Missing Write Protection for Parametric Data Values Base Simple Draft
Weakness CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point Base Simple Incomplete
Weakness CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges Base Simple Draft
Weakness CWE-1317 Improper Access Control in Fabric Bridge Base Simple Draft
Weakness CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses Base Simple Incomplete
Weakness CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) Base Simple Incomplete
Weakness CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals Base Simple Draft
Weakness CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Variant Simple Incomplete
Weakness CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context Base Simple Incomplete
Weakness CWE-1323 Improper Management of Sensitive Trace Data Base Simple Draft
Weakness CWE-1325 Improperly Controlled Sequential Memory Allocation Base Simple Incomplete
Weakness CWE-1326 Missing Immutable Root of Trust in Hardware Base Simple Draft
Weakness CWE-1328 Security Version Number Mutable to Older Versions Base Simple Draft
Weakness CWE-1329 Reliance on Component That is Not Updateable Base Simple Incomplete
Weakness CWE-1330 Remanent Data Readable after Memory Erase Variant Simple Draft
Weakness CWE-1331 Improper Isolation of Shared Resources in Network On Chip (NoC) Base Simple Stable
Weakness CWE-1332 Improper Handling of Faults that Lead to Instruction Skips Base Simple Stable
Weakness CWE-1333 Inefficient Regular Expression Complexity Base Simple Draft
Weakness CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy Base Simple Draft
Weakness CWE-1335 Incorrect Bitwise Shift of Integer Base Simple Draft
Weakness CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine Base Simple Incomplete
Weakness CWE-1338 Improper Protections Against Hardware Overheating Base Simple Draft
Weakness CWE-1339 Insufficient Precision or Accuracy of a Real Number Base Simple Draft
Weakness CWE-134 Use of Externally-Controlled Format String Base Simple Draft
Weakness CWE-1341 Multiple Releases of Same Resource or Handle Base Simple Incomplete
Weakness CWE-135 Incorrect Calculation of Multi-Byte String Length Base Simple Draft
Weakness CWE-1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments Base Simple Incomplete
Weakness CWE-138 Improper Neutralization of Special Elements Class Simple Draft
Weakness CWE-1385 Missing Origin Validation in WebSockets Variant Simple Incomplete
Weakness CWE-1386 Insecure Operation on Windows Junction / Mount Point Base Simple Incomplete
Weakness CWE-1389 Incorrect Parsing of Numbers with Different Radices Base Simple Incomplete
Weakness CWE-1390 Weak Authentication Class Simple Incomplete
Weakness CWE-1395 Dependency on Vulnerable Third-Party Component Class Simple Incomplete
Weakness CWE-14 Compiler Removal of Code to Clear Buffers Variant Simple Draft
Weakness CWE-140 Improper Neutralization of Delimiters Base Simple Draft
Weakness CWE-141 Improper Neutralization of Parameter/Argument Delimiters Variant Simple Draft
Weakness CWE-1419 Incorrect Initialization of Resource Class Simple Incomplete
Weakness CWE-142 Improper Neutralization of Value Delimiters Variant Simple Draft
Weakness CWE-1420 Exposure of Sensitive Information during Transient Execution Base Simple Incomplete
Weakness CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution Base Simple Incomplete
Weakness CWE-1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution Base Simple Incomplete
Weakness CWE-1426 Improper Validation of Generative AI Output Base Simple Incomplete
Weakness CWE-143 Improper Neutralization of Record Delimiters Variant Simple Draft
Weakness CWE-144 Improper Neutralization of Line Delimiters Variant Simple Draft
Weakness CWE-145 Improper Neutralization of Section Delimiters Variant Simple Incomplete
Weakness CWE-146 Improper Neutralization of Expression/Command Delimiters Variant Simple Incomplete
Weakness CWE-147 Improper Neutralization of Input Terminators Variant Simple Draft
Weakness CWE-148 Improper Neutralization of Input Leaders Variant Simple Draft
Weakness CWE-149 Improper Neutralization of Quoting Syntax Variant Simple Draft
Weakness CWE-15 External Control of System or Configuration Setting Base Simple Incomplete
Weakness CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences Variant Simple Incomplete
Weakness CWE-151 Improper Neutralization of Comment Delimiters Variant Simple Draft
Weakness CWE-152 Improper Neutralization of Macro Symbols Variant Simple Draft
Weakness CWE-153 Improper Neutralization of Substitution Characters Variant Simple Draft
Weakness CWE-154 Improper Neutralization of Variable Name Delimiters Variant Simple Incomplete
Weakness CWE-155 Improper Neutralization of Wildcards or Matching Symbols Variant Simple Draft
Weakness CWE-156 Improper Neutralization of Whitespace Variant Simple Draft
Weakness CWE-157 Failure to Sanitize Paired Delimiters Variant Simple Draft
Weakness CWE-158 Improper Neutralization of Null Byte or NUL Character Variant Simple Incomplete
Weakness CWE-159 Improper Handling of Invalid Use of Special Elements Class Simple Draft
Weakness CWE-160 Improper Neutralization of Leading Special Elements Variant Simple Incomplete
Weakness CWE-161 Improper Neutralization of Multiple Leading Special Elements Variant Simple Incomplete
Weakness CWE-162 Improper Neutralization of Trailing Special Elements Variant Simple Incomplete
Weakness CWE-163 Improper Neutralization of Multiple Trailing Special Elements Variant Simple Incomplete
Weakness CWE-164 Improper Neutralization of Internal Special Elements Variant Simple Incomplete
Weakness CWE-165 Improper Neutralization of Multiple Internal Special Elements Variant Simple Incomplete
Weakness CWE-166 Improper Handling of Missing Special Element Base Simple Draft
Weakness CWE-167 Improper Handling of Additional Special Element Base Simple Draft
Weakness CWE-168 Improper Handling of Inconsistent Special Elements Base Simple Draft
Weakness CWE-170 Improper Null Termination Base Simple Incomplete
Weakness CWE-172 Encoding Error Class Simple Draft
Weakness CWE-173 Improper Handling of Alternate Encoding Variant Simple Draft
Weakness CWE-174 Double Decoding of the Same Data Variant Simple Draft
Weakness CWE-175 Improper Handling of Mixed Encoding Variant Simple Draft
Weakness CWE-176 Improper Handling of Unicode Encoding Variant Simple Draft
Weakness CWE-177 Improper Handling of URL Encoding (Hex Encoding) Variant Simple Draft
Weakness CWE-178 Improper Handling of Case Sensitivity Base Simple Incomplete
Weakness CWE-179 Incorrect Behavior Order: Early Validation Base Simple Incomplete
Weakness CWE-180 Incorrect Behavior Order: Validate Before Canonicalize Variant Simple Draft
Weakness CWE-181 Incorrect Behavior Order: Validate Before Filter Variant Simple Draft
Weakness CWE-182 Collapse of Data into Unsafe Value Base Simple Draft
Weakness CWE-183 Permissive List of Allowed Inputs Base Simple Draft
Weakness CWE-184 Incomplete List of Disallowed Inputs Base Simple Draft
Weakness CWE-185 Incorrect Regular Expression Class Simple Draft
Weakness CWE-186 Overly Restrictive Regular Expression Base Simple Draft
Weakness CWE-187 Partial String Comparison Variant Simple Incomplete
Weakness CWE-188 Reliance on Data/Memory Layout Base Simple Draft
Weakness CWE-190 Integer Overflow or Wraparound Base Simple Stable
Weakness CWE-191 Integer Underflow (Wrap or Wraparound) Base Simple Draft
Weakness CWE-192 Integer Coercion Error Variant Simple Incomplete
Weakness CWE-193 Off-by-one Error Base Simple Draft
Weakness CWE-194 Unexpected Sign Extension Variant Simple Incomplete
Weakness CWE-195 Signed to Unsigned Conversion Error Variant Simple Draft
Weakness CWE-196 Unsigned to Signed Conversion Error Variant Simple Draft
Weakness CWE-197 Numeric Truncation Error Base Simple Incomplete
Weakness CWE-198 Use of Incorrect Byte Ordering Variant Simple Draft
Weakness CWE-20 Improper Input Validation Class Simple Stable
Weakness CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Class Simple Draft
Weakness CWE-201 Insertion of Sensitive Information Into Sent Data Base Simple Draft
Weakness CWE-202 Exposure of Sensitive Information Through Data Queries Base Simple Draft
Weakness CWE-203 Observable Discrepancy Base Simple Incomplete
Weakness CWE-204 Observable Response Discrepancy Base Simple Incomplete
Weakness CWE-205 Observable Behavioral Discrepancy Base Simple Incomplete
Weakness CWE-206 Observable Internal Behavioral Discrepancy Variant Simple Incomplete
Weakness CWE-207 Observable Behavioral Discrepancy With Equivalent Products Variant Simple Draft
Weakness CWE-208 Observable Timing Discrepancy Base Simple Incomplete
Weakness CWE-209 Generation of Error Message Containing Sensitive Information Base Simple Draft
Weakness CWE-210 Self-generated Error Message Containing Sensitive Information Base Simple Draft
Weakness CWE-211 Externally-Generated Error Message Containing Sensitive Information Base Simple Incomplete
Weakness CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer Base Simple Incomplete
Weakness CWE-213 Exposure of Sensitive Information Due to Incompatible Policies Base Simple Draft
Weakness CWE-214 Invocation of Process Using Visible Sensitive Information Base Simple Incomplete
Weakness CWE-215 Insertion of Sensitive Information Into Debugging Code Base Simple Draft
Weakness CWE-219 Storage of File with Sensitive Data Under Web Root Variant Simple Draft
Weakness CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Base Simple Stable
Weakness CWE-221 Information Loss or Omission Class Simple Incomplete
Weakness CWE-222 Truncation of Security-relevant Information Base Simple Draft
Weakness CWE-223 Omission of Security-relevant Information Base Simple Draft
Weakness CWE-224 Obscured Security-relevant Information by Alternate Name Base Simple Incomplete
Weakness CWE-226 Sensitive Information in Resource Not Removed Before Reuse Base Simple Draft
Weakness CWE-228 Improper Handling of Syntactically Invalid Structure Class Simple Incomplete
Weakness CWE-229 Improper Handling of Values Base Simple Incomplete
Weakness CWE-23 Relative Path Traversal Base Simple Draft
Weakness CWE-230 Improper Handling of Missing Values Variant Simple Draft
Weakness CWE-231 Improper Handling of Extra Values Variant Simple Draft
Weakness CWE-232 Improper Handling of Undefined Values Variant Simple Draft
Weakness CWE-233 Improper Handling of Parameters Base Simple Incomplete
Weakness CWE-234 Failure to Handle Missing Parameter Variant Simple Incomplete
Weakness CWE-235 Improper Handling of Extra Parameters Variant Simple Draft
Weakness CWE-236 Improper Handling of Undefined Parameters Variant Simple Draft
Weakness CWE-238 Improper Handling of Incomplete Structural Elements Variant Simple Draft
Weakness CWE-239 Failure to Handle Incomplete Element Variant Simple Draft
Weakness CWE-24 Path Traversal: '../filedir' Variant Simple Incomplete
Weakness CWE-240 Improper Handling of Inconsistent Structural Elements Base Simple Draft
Weakness CWE-241 Improper Handling of Unexpected Data Type Base Simple Draft
Weakness CWE-242 Use of Inherently Dangerous Function Base Simple Draft
Weakness CWE-243 Creation of chroot Jail Without Changing Working Directory Variant Simple Draft
Weakness CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') Variant Simple Draft
Weakness CWE-245 J2EE Bad Practices: Direct Management of Connections Variant Simple Draft
Weakness CWE-246 J2EE Bad Practices: Direct Use of Sockets Variant Simple Draft
Weakness CWE-248 Uncaught Exception Base Simple Draft
Weakness CWE-25 Path Traversal: '/../filedir' Variant Simple Incomplete
Weakness CWE-250 Execution with Unnecessary Privileges Base Simple Draft
Weakness CWE-252 Unchecked Return Value Base Simple Draft
Weakness CWE-253 Incorrect Check of Function Return Value Base Simple Incomplete
Weakness CWE-258 Empty Password in Configuration File Variant Simple Incomplete
Weakness CWE-259 Use of Hard-coded Password Variant Simple Draft
Weakness CWE-26 Path Traversal: '/dir/../filename' Variant Simple Draft
Weakness CWE-260 Password in Configuration File Base Simple Incomplete
Weakness CWE-266 Incorrect Privilege Assignment Base Simple Draft
Weakness CWE-267 Privilege Defined With Unsafe Actions Base Simple Incomplete
Weakness CWE-268 Privilege Chaining Base Simple Draft
Weakness CWE-269 Improper Privilege Management Class Simple Draft
Weakness CWE-27 Path Traversal: 'dir/../../filename' Variant Simple Draft
Weakness CWE-270 Privilege Context Switching Error Base Simple Draft
Weakness CWE-271 Privilege Dropping / Lowering Errors Class Simple Incomplete
Weakness CWE-272 Least Privilege Violation Base Simple Incomplete
Weakness CWE-273 Improper Check for Dropped Privileges Base Simple Incomplete
Weakness CWE-274 Improper Handling of Insufficient Privileges Base Simple Draft
Weakness CWE-276 Incorrect Default Permissions Base Simple Draft
Weakness CWE-277 Insecure Inherited Permissions Variant Simple Draft
Weakness CWE-279 Incorrect Execution-Assigned Permissions Variant Simple Draft
Weakness CWE-28 Path Traversal: '..\filedir' Variant Simple Incomplete
Weakness CWE-280 Improper Handling of Insufficient Permissions or Privileges Base Simple Draft
Weakness CWE-281 Improper Preservation of Permissions Base Simple Draft
Weakness CWE-284 Improper Access Control Pillar Simple Incomplete
Weakness CWE-285 Improper Authorization Class Simple Draft
Weakness CWE-286 Incorrect User Management Class Simple Incomplete
Weakness CWE-287 Improper Authentication Class Simple Draft
Weakness CWE-289 Authentication Bypass by Alternate Name Base Simple Incomplete
Weakness CWE-29 Path Traversal: '\..\filename' Variant Simple Incomplete
Weakness CWE-290 Authentication Bypass by Spoofing Base Simple Incomplete
Weakness CWE-295 Improper Certificate Validation Base Simple Draft
Weakness CWE-296 Improper Following of a Certificate's Chain of Trust Base Simple Draft
Weakness CWE-297 Improper Validation of Certificate with Host Mismatch Variant Simple Incomplete
Weakness CWE-298 Improper Validation of Certificate Expiration Variant Simple Draft
Weakness CWE-299 Improper Check for Certificate Revocation Base Simple Draft
Weakness CWE-30 Path Traversal: '\dir\..\filename' Variant Simple Draft
Weakness CWE-302 Authentication Bypass by Assumed-Immutable Data Base Simple Incomplete
Weakness CWE-303 Incorrect Implementation of Authentication Algorithm Base Simple Draft
Weakness CWE-304 Missing Critical Step in Authentication Base Simple Draft
Weakness CWE-305 Authentication Bypass by Primary Weakness Base Simple Draft
Weakness CWE-31 Path Traversal: 'dir\..\..\filename' Variant Simple Draft
Weakness CWE-318 Cleartext Storage of Sensitive Information in Executable Variant Simple Draft
Weakness CWE-32 Path Traversal: '...' (Triple Dot) Variant Simple Incomplete
Weakness CWE-325 Missing Cryptographic Step Base Simple Draft
Weakness CWE-327 Use of a Broken or Risky Cryptographic Algorithm Class Simple Draft
Weakness CWE-329 Generation of Predictable IV with CBC Mode Variant Simple Draft
Weakness CWE-33 Path Traversal: '....' (Multiple Dot) Variant Simple Incomplete
Weakness CWE-330 Use of Insufficiently Random Values Class Simple Stable
Weakness CWE-331 Insufficient Entropy Base Simple Draft
Weakness CWE-332 Insufficient Entropy in PRNG Variant Simple Draft
Weakness CWE-333 Improper Handling of Insufficient Entropy in TRNG Variant Simple Draft
Weakness CWE-334 Small Space of Random Values Base Simple Draft
Weakness CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) Base Simple Draft
Weakness CWE-336 Same Seed in Pseudo-Random Number Generator (PRNG) Variant Simple Draft
Weakness CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG) Variant Simple Draft
Weakness CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Base Simple Draft
Weakness CWE-339 Small Seed Space in PRNG Variant Simple Draft
Weakness CWE-34 Path Traversal: '....//' Variant Simple Incomplete
Weakness CWE-340 Generation of Predictable Numbers or Identifiers Class Simple Incomplete
Weakness CWE-341 Predictable from Observable State Base Simple Draft
Weakness CWE-342 Predictable Exact Value from Previous Values Base Simple Draft
Weakness CWE-343 Predictable Value Range from Previous Values Base Simple Draft
Weakness CWE-344 Use of Invariant Value in Dynamically Changing Context Base Simple Draft
Weakness CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
Weakness CWE-346 Origin Validation Error Class Simple Draft
Weakness CWE-347 Improper Verification of Cryptographic Signature Base Simple Draft
Weakness CWE-348 Use of Less Trusted Source Base Simple Draft
Weakness CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data Base Simple Draft
Weakness CWE-35 Path Traversal: '.../...//' Variant Simple Incomplete
Weakness CWE-351 Insufficient Type Distinction Base Simple Draft
Weakness CWE-353 Missing Support for Integrity Check Base Simple Draft
Weakness CWE-354 Improper Validation of Integrity Check Value Base Simple Draft
Weakness CWE-356 Product UI does not Warn User of Unsafe Actions Base Simple Incomplete
Weakness CWE-357 Insufficient UI Warning of Dangerous Operations Base Simple Draft
Weakness CWE-358 Improperly Implemented Security Check for Standard Base Simple Draft
Weakness CWE-359 Exposure of Private Personal Information to an Unauthorized Actor Base Simple Incomplete
Weakness CWE-36 Absolute Path Traversal Base Simple Draft
Weakness CWE-360 Trust of System Event Data Base Simple Incomplete
Weakness CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Class Simple Draft
Weakness CWE-363 Race Condition Enabling Link Following Base Simple Draft
Weakness CWE-364 Signal Handler Race Condition Base Simple Incomplete
Weakness CWE-366 Race Condition within a Thread Base Simple Draft
Weakness CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition Base Simple Incomplete
Weakness CWE-368 Context Switching Race Condition Base Simple Draft
Weakness CWE-369 Divide By Zero Base Simple Draft
Weakness CWE-37 Path Traversal: '/absolute/pathname/here' Variant Simple Draft
Weakness CWE-370 Missing Check for Certificate Revocation after Initial Check Variant Simple Draft
Weakness CWE-372 Incomplete Internal State Distinction Base Simple Draft
Weakness CWE-374 Passing Mutable Objects to an Untrusted Method Base Simple Draft
Weakness CWE-375 Returning a Mutable Object to an Untrusted Caller Base Simple Draft
Weakness CWE-377 Insecure Temporary File Class Simple Incomplete
Weakness CWE-378 Creation of Temporary File With Insecure Permissions Base Simple Draft
Weakness CWE-379 Creation of Temporary File in Directory with Insecure Permissions Base Simple Incomplete
Weakness CWE-38 Path Traversal: '\absolute\pathname\here' Variant Simple Draft
Weakness CWE-382 J2EE Bad Practices: Use of System.exit() Variant Simple Draft
Weakness CWE-383 J2EE Bad Practices: Direct Use of Threads Variant Simple Draft
Weakness CWE-384 Session Fixation Compound Composite Incomplete
Weakness CWE-385 Covert Timing Channel Base Simple Incomplete
Weakness CWE-386 Symbolic Name not Mapping to Correct Object Base Simple Draft
Weakness CWE-39 Path Traversal: 'C:dirname' Variant Simple Draft
Weakness CWE-390 Detection of Error Condition Without Action Base Simple Draft
Weakness CWE-391 Unchecked Error Condition Base Simple Incomplete
Weakness CWE-392 Missing Report of Error Condition Base Simple Draft
Weakness CWE-393 Return of Wrong Status Code Base Simple Draft
Weakness CWE-394 Unexpected Status Code or Return Value Base Simple Draft
Weakness CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference Base Simple Draft
Weakness CWE-396 Declaration of Catch for Generic Exception Base Simple Draft
Weakness CWE-397 Declaration of Throws for Generic Exception Base Simple Draft
Weakness CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) Variant Simple Draft
Weakness CWE-400 Uncontrolled Resource Consumption Class Simple Draft
Weakness CWE-401 Missing Release of Memory after Effective Lifetime Variant Simple Draft
Weakness CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') Class Simple Draft
Weakness CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') Base Simple Draft
Weakness CWE-404 Improper Resource Shutdown or Release Class Simple Draft
Weakness CWE-405 Asymmetric Resource Consumption (Amplification) Class Simple Incomplete
Weakness CWE-406 Insufficient Control of Network Message Volume (Network Amplification) Class Simple Incomplete
Weakness CWE-407 Inefficient Algorithmic Complexity Class Simple Incomplete
Weakness CWE-408 Incorrect Behavior Order: Early Amplification Base Simple Draft
Weakness CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) Base Simple Incomplete
Weakness CWE-41 Improper Resolution of Path Equivalence Base Simple Incomplete
Weakness CWE-410 Insufficient Resource Pool Base Simple Incomplete
Weakness CWE-412 Unrestricted Externally Accessible Lock Base Simple Incomplete
Weakness CWE-413 Improper Resource Locking Base Simple Draft
Weakness CWE-414 Missing Lock Check Base Simple Draft
Weakness CWE-415 Double Free Variant Simple Draft
Weakness CWE-416 Use After Free Variant Simple Stable
Weakness CWE-419 Unprotected Primary Channel Base Simple Draft
Weakness CWE-42 Path Equivalence: 'filename.' (Trailing Dot) Variant Simple Incomplete
Weakness CWE-420 Unprotected Alternate Channel Base Simple Draft
Weakness CWE-425 Direct Request ('Forced Browsing') Base Simple Incomplete
Weakness CWE-426 Untrusted Search Path Base Simple Stable
Weakness CWE-427 Uncontrolled Search Path Element Base Simple Draft
Weakness CWE-428 Unquoted Search Path or Element Base Simple Draft
Weakness CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot) Variant Simple Incomplete
Weakness CWE-430 Deployment of Wrong Handler Base Simple Incomplete
Weakness CWE-431 Missing Handler Base Simple Draft
Weakness CWE-432 Dangerous Signal Handler not Disabled During Sensitive Operations Base Simple Draft
Weakness CWE-433 Unparsed Raw Web Content Delivery Variant Simple Incomplete
Weakness CWE-434 Unrestricted Upload of File with Dangerous Type Base Simple Draft
Weakness CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities Pillar Simple Draft
Weakness CWE-436 Interpretation Conflict Class Simple Incomplete
Weakness CWE-437 Incomplete Model of Endpoint Features Base Simple Incomplete
Weakness CWE-439 Behavioral Change in New Version or Environment Base Simple Draft
Weakness CWE-44 Path Equivalence: 'file.name' (Internal Dot) Variant Simple Incomplete
Weakness CWE-440 Expected Behavior Violation Base Simple Draft
Weakness CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Base Simple Incomplete
Weakness CWE-446 UI Discrepancy for Security Feature Class Simple Incomplete
Weakness CWE-447 Unimplemented or Unsupported Feature in UI Base Simple Draft
Weakness CWE-448 Obsolete Feature in UI Base Simple Draft
Weakness CWE-449 The UI Performs the Wrong Action Base Simple Incomplete
Weakness CWE-45 Path Equivalence: 'file...name' (Multiple Internal Dot) Variant Simple Incomplete
Weakness CWE-450 Multiple Interpretations of UI Input Base Simple Draft
Weakness CWE-451 User Interface (UI) Misrepresentation of Critical Information Class Simple Draft
Weakness CWE-453 Insecure Default Variable Initialization Variant Simple Draft
Weakness CWE-454 External Initialization of Trusted Variables or Data Stores Base Simple Draft
Weakness CWE-455 Non-exit on Failed Initialization Base Simple Draft
Weakness CWE-456 Missing Initialization of a Variable Variant Simple Draft
Weakness CWE-457 Use of Uninitialized Variable Variant Simple Draft
Weakness CWE-459 Incomplete Cleanup Base Simple Draft
Weakness CWE-46 Path Equivalence: 'filename ' (Trailing Space) Variant Simple Incomplete
Weakness CWE-460 Improper Cleanup on Thrown Exception Base Simple Draft
Weakness CWE-462 Duplicate Key in Associative List (Alist) Variant Simple Incomplete
Weakness CWE-463 Deletion of Data Structure Sentinel Base Simple Incomplete
Weakness CWE-464 Addition of Data Structure Sentinel Base Simple Incomplete
Weakness CWE-466 Return of Pointer Value Outside of Expected Range Base Simple Draft
Weakness CWE-467 Use of sizeof() on a Pointer Type Variant Simple Draft
Weakness CWE-468 Incorrect Pointer Scaling Base Simple Incomplete
Weakness CWE-469 Use of Pointer Subtraction to Determine Size Base Simple Draft
Weakness CWE-47 Path Equivalence: ' filename' (Leading Space) Variant Simple Incomplete
Weakness CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Base Simple Draft
Weakness CWE-471 Modification of Assumed-Immutable Data (MAID) Base Simple Draft
Weakness CWE-472 External Control of Assumed-Immutable Web Parameter Base Simple Draft
Weakness CWE-473 PHP External Variable Modification Variant Simple Draft
Weakness CWE-474 Use of Function with Inconsistent Implementations Base Simple Draft
Weakness CWE-475 Undefined Behavior for Input to API Base Simple Incomplete
Weakness CWE-476 NULL Pointer Dereference Base Simple Stable
Weakness CWE-477 Use of Obsolete Function Base Simple Draft
Weakness CWE-478 Missing Default Case in Multiple Condition Expression Base Simple Draft
Weakness CWE-479 Signal Handler Use of a Non-reentrant Function Variant Simple Draft
Weakness CWE-48 Path Equivalence: 'file name' (Internal Whitespace) Variant Simple Incomplete
Weakness CWE-480 Use of Incorrect Operator Base Simple Draft
Weakness CWE-481 Assigning instead of Comparing Variant Simple Draft
Weakness CWE-482 Comparing instead of Assigning Variant Simple Draft
Weakness CWE-483 Incorrect Block Delimitation Base Simple Draft
Weakness CWE-484 Omitted Break Statement in Switch Base Simple Draft
Weakness CWE-486 Comparison of Classes by Name Variant Simple Draft
Weakness CWE-487 Reliance on Package-level Scope Base Simple Incomplete
Weakness CWE-488 Exposure of Data Element to Wrong Session Base Simple Draft
Weakness CWE-489 Active Debug Code Base Simple Draft
Weakness CWE-49 Path Equivalence: 'filename/' (Trailing Slash) Variant Simple Incomplete
Weakness CWE-491 Public cloneable() Method Without Final ('Object Hijack') Variant Simple Draft
Weakness CWE-492 Use of Inner Class Containing Sensitive Data Variant Simple Draft
Weakness CWE-493 Critical Public Variable Without Final Modifier Variant Simple Draft
Weakness CWE-494 Download of Code Without Integrity Check Base Simple Draft
Weakness CWE-495 Private Data Structure Returned From A Public Method Variant Simple Draft
Weakness CWE-496 Public Data Assigned to Private Array-Typed Field Variant Simple Incomplete
Weakness CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere Base Simple Incomplete
Weakness CWE-498 Cloneable Class Containing Sensitive Information Variant Simple Draft
Weakness CWE-499 Serializable Class Containing Sensitive Data Variant Simple Draft
Weakness CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption Variant Simple Draft
Weakness CWE-50 Path Equivalence: '//multiple/leading/slash' Variant Simple Incomplete
Weakness CWE-500 Public Static Field Not Marked Final Variant Simple Draft
Weakness CWE-502 Deserialization of Untrusted Data Base Simple Draft
Weakness CWE-506 Embedded Malicious Code Class Simple Incomplete
Weakness CWE-507 Trojan Horse Base Simple Incomplete
Weakness CWE-508 Non-Replicating Malicious Code Base Simple Incomplete
Weakness CWE-509 Replicating Malicious Code (Virus or Worm) Base Simple Incomplete
Weakness CWE-51 Path Equivalence: '/multiple//internal/slash' Variant Simple Incomplete
Weakness CWE-510 Trapdoor Base Simple Incomplete
Weakness CWE-511 Logic/Time Bomb Base Simple Incomplete
Weakness CWE-512 Spyware Base Simple Incomplete
Weakness CWE-514 Covert Channel Class Simple Incomplete
Weakness CWE-515 Covert Storage Channel Base Simple Incomplete
Weakness CWE-52 Path Equivalence: '/multiple/trailing/slash//' Variant Simple Incomplete
Weakness CWE-520 .NET Misconfiguration: Use of Impersonation Variant Simple Incomplete
Weakness CWE-521 Weak Password Requirements Base Simple Draft
Weakness CWE-522 Insufficiently Protected Credentials Class Simple Incomplete
Weakness CWE-524 Use of Cache Containing Sensitive Information Base Simple Incomplete
Weakness CWE-525 Use of Web Browser Cache Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable Variant Simple Incomplete
Weakness CWE-53 Path Equivalence: '\multiple\\internal\backslash' Variant Simple Incomplete
Weakness CWE-532 Insertion of Sensitive Information into Log File Base Simple Incomplete
Weakness CWE-535 Exposure of Information Through Shell Error Message Variant Simple Incomplete
Weakness CWE-536 Servlet Runtime Error Message Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-537 Java Runtime Error Message Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory Base Simple Draft
Weakness CWE-539 Use of Persistent Cookies Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-54 Path Equivalence: 'filedir\' (Trailing Backslash) Variant Simple Incomplete
Weakness CWE-540 Inclusion of Sensitive Information in Source Code Base Simple Incomplete
Weakness CWE-541 Inclusion of Sensitive Information in an Include File Variant Simple Incomplete
Weakness CWE-543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context Variant Simple Incomplete
Weakness CWE-546 Suspicious Comment Variant Simple Draft
Weakness CWE-547 Use of Hard-coded, Security-relevant Constants Base Simple Draft
Weakness CWE-548 Exposure of Information Through Directory Listing Variant Simple Draft
Weakness CWE-549 Missing Password Field Masking Base Simple Draft
Weakness CWE-55 Path Equivalence: '/./' (Single Dot Directory) Variant Simple Incomplete
Weakness CWE-550 Server-generated Error Message Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization Base Simple Incomplete
Weakness CWE-552 Files or Directories Accessible to External Parties Base Simple Draft
Weakness CWE-553 Command Shell in Externally Accessible Directory Variant Simple Incomplete
Weakness CWE-554 ASP.NET Misconfiguration: Not Using Input Validation Framework Variant Simple Draft
Weakness CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File Variant Simple Draft
Weakness CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation Variant Simple Incomplete
Weakness CWE-558 Use of getlogin() in Multithreaded Application Variant Simple Draft
Weakness CWE-56 Path Equivalence: 'filedir*' (Wildcard) Variant Simple Incomplete
Weakness CWE-560 Use of umask() with chmod-style Argument Variant Simple Draft
Weakness CWE-561 Dead Code Base Simple Draft
Weakness CWE-562 Return of Stack Variable Address Base Simple Draft
Weakness CWE-563 Assignment to Variable without Use Base Simple Draft
Weakness CWE-564 SQL Injection: Hibernate Variant Simple Incomplete
Weakness CWE-565 Reliance on Cookies without Validation and Integrity Checking Base Simple Incomplete
Weakness CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key Variant Simple Incomplete
Weakness CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context Base Simple Draft
Weakness CWE-568 finalize() Method Without super.finalize() Variant Simple Draft
Weakness CWE-57 Path Equivalence: 'fakedir/../realdir/filename' Variant Simple Incomplete
Weakness CWE-570 Expression is Always False Base Simple Draft
Weakness CWE-571 Expression is Always True Base Simple Draft
Weakness CWE-572 Call to Thread run() instead of start() Variant Simple Draft
Weakness CWE-573 Improper Following of Specification by Caller Class Simple Draft
Weakness CWE-574 EJB Bad Practices: Use of Synchronization Primitives Variant Simple Draft
Weakness CWE-575 EJB Bad Practices: Use of AWT Swing Variant Simple Draft
Weakness CWE-576 EJB Bad Practices: Use of Java I/O Variant Simple Draft
Weakness CWE-577 EJB Bad Practices: Use of Sockets Variant Simple Draft
Weakness CWE-578 EJB Bad Practices: Use of Class Loader Variant Simple Draft
Weakness CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session Variant Simple Draft
Weakness CWE-58 Path Equivalence: Windows 8.3 Filename Variant Simple Incomplete
Weakness CWE-580 clone() Method Without super.clone() Variant Simple Draft
Weakness CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined Variant Simple Draft
Weakness CWE-582 Array Declared Public, Final, and Static Variant Simple Draft
Weakness CWE-583 finalize() Method Declared Public Variant Simple Incomplete
Weakness CWE-584 Return Inside Finally Block Base Simple Draft
Weakness CWE-585 Empty Synchronized Block Variant Simple Draft
Weakness CWE-586 Explicit Call to Finalize() Base Simple Draft
Weakness CWE-587 Assignment of a Fixed Address to a Pointer Variant Simple Draft
Weakness CWE-588 Attempt to Access Child of a Non-structure Pointer Variant Simple Incomplete
Weakness CWE-589 Call to Non-ubiquitous API Variant Simple Incomplete
Weakness CWE-59 Improper Link Resolution Before File Access ('Link Following') Base Simple Draft
Weakness CWE-590 Free of Memory not on the Heap Variant Simple Incomplete
Weakness CWE-591 Sensitive Data Storage in Improperly Locked Memory Variant Simple Draft
Weakness CWE-593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created Variant Simple Draft
Weakness CWE-594 J2EE Framework: Saving Unserializable Objects to Disk Variant Simple Incomplete
Weakness CWE-595 Comparison of Object References Instead of Object Contents Variant Simple Incomplete
Weakness CWE-597 Use of Wrong Operator in String Comparison Variant Simple Draft
Weakness CWE-598 Use of GET Request Method With Sensitive Query Strings Variant Simple Draft
Weakness CWE-599 Missing Validation of OpenSSL Certificate Variant Simple Incomplete
Weakness CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length Variant Simple Incomplete
Weakness CWE-600 Uncaught Exception in Servlet Variant Simple Draft
Weakness CWE-601 URL Redirection to Untrusted Site ('Open Redirect') Base Simple Draft
Weakness CWE-603 Use of Client-Side Authentication Base Simple Draft
Weakness CWE-605 Multiple Binds to the Same Port Variant Simple Draft
Weakness CWE-606 Unchecked Input for Loop Condition Base Simple Draft
Weakness CWE-607 Public Static Final Field References Mutable Object Variant Simple Draft
Weakness CWE-608 Struts: Non-private Field in ActionForm Class Variant Simple Draft
Weakness CWE-609 Double-Checked Locking Base Simple Draft
Weakness CWE-61 UNIX Symbolic Link (Symlink) Following Compound Composite Incomplete
Weakness CWE-611 Improper Restriction of XML External Entity Reference Base Simple Draft
Weakness CWE-612 Improper Authorization of Index Containing Sensitive Information Base Simple Draft
Weakness CWE-613 Insufficient Session Expiration Base Simple Incomplete
Weakness CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Variant Simple Draft
Weakness CWE-615 Inclusion of Sensitive Information in Source Code Comments Variant Simple Incomplete
Weakness CWE-616 Incomplete Identification of Uploaded File Variables (PHP) Variant Simple Incomplete
Weakness CWE-617 Reachable Assertion Base Simple Draft
Weakness CWE-618 Exposed Unsafe ActiveX Method Variant Simple Incomplete
Weakness CWE-619 Dangling Database Cursor ('Cursor Injection') Base Simple Incomplete
Weakness CWE-62 UNIX Hard Link Variant Simple Incomplete
Weakness CWE-620 Unverified Password Change Base Simple Draft
Weakness CWE-621 Variable Extraction Error Variant Simple Incomplete
Weakness CWE-622 Improper Validation of Function Hook Arguments Variant Simple Draft
Weakness CWE-623 Unsafe ActiveX Control Marked Safe For Scripting Variant Simple Draft
Weakness CWE-624 Executable Regular Expression Error Base Simple Incomplete
Weakness CWE-625 Permissive Regular Expression Base Simple Draft
Weakness CWE-626 Null Byte Interaction Error (Poison Null Byte) Variant Simple Draft
Weakness CWE-627 Dynamic Variable Evaluation Variant Simple Incomplete
Weakness CWE-628 Function Call with Incorrectly Specified Arguments Base Simple Draft
Weakness CWE-636 Not Failing Securely ('Failing Open') Class Simple Draft
Weakness CWE-637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') Class Simple Draft
Weakness CWE-638 Not Using Complete Mediation Class Simple Draft
Weakness CWE-640 Weak Password Recovery Mechanism for Forgotten Password Base Simple Incomplete
Weakness CWE-641 Improper Restriction of Names for Files and Other Resources Base Simple Incomplete
Weakness CWE-642 External Control of Critical State Data Class Simple Draft
Weakness CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') Base Simple Incomplete
Weakness CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax Variant Simple Incomplete
Weakness CWE-646 Reliance on File Name or Extension of Externally-Supplied File Variant Simple Incomplete
Weakness CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions Variant Simple Incomplete
Weakness CWE-648 Incorrect Use of Privileged APIs Base Simple Incomplete
Weakness CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking Base Simple Incomplete
Weakness CWE-65 Windows Hard Link Variant Simple Incomplete
Weakness CWE-650 Trusting HTTP Permission Methods on the Server Side Variant Simple Incomplete
Weakness CWE-651 Exposure of WSDL File Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') Base Simple Incomplete
Weakness CWE-653 Improper Isolation or Compartmentalization Class Simple Draft
Weakness CWE-654 Reliance on a Single Factor in a Security Decision Base Simple Draft
Weakness CWE-656 Reliance on Security Through Obscurity Class Simple Draft
Weakness CWE-657 Violation of Secure Design Principles Class Simple Draft
Weakness CWE-66 Improper Handling of File Names that Identify Virtual Resources Base Simple Draft
Weakness CWE-662 Improper Synchronization Class Simple Draft
Weakness CWE-663 Use of a Non-reentrant Function in a Concurrent Context Base Simple Draft
Weakness CWE-664 Improper Control of a Resource Through its Lifetime Pillar Simple Draft
Weakness CWE-665 Improper Initialization Class Simple Draft
Weakness CWE-666 Operation on Resource in Wrong Phase of Lifetime Class Simple Draft
Weakness CWE-667 Improper Locking Class Simple Draft
Weakness CWE-668 Exposure of Resource to Wrong Sphere Class Simple Draft
Weakness CWE-669 Incorrect Resource Transfer Between Spheres Class Simple Draft
Weakness CWE-67 Improper Handling of Windows Device Names Variant Simple Incomplete
Weakness CWE-670 Always-Incorrect Control Flow Implementation Class Simple Draft
Weakness CWE-671 Lack of Administrator Control over Security Class Simple Draft
Weakness CWE-672 Operation on a Resource after Expiration or Release Class Simple Draft
Weakness CWE-673 External Influence of Sphere Definition Class Simple Draft
Weakness CWE-674 Uncontrolled Recursion Class Simple Draft
Weakness CWE-675 Multiple Operations on Resource in Single-Operation Context Class Simple Draft
Weakness CWE-676 Use of Potentially Dangerous Function Base Simple Draft
Weakness CWE-681 Incorrect Conversion between Numeric Types Base Simple Draft
Weakness CWE-682 Incorrect Calculation Pillar Simple Draft
Weakness CWE-683 Function Call With Incorrect Order of Arguments Variant Simple Draft
Weakness CWE-684 Incorrect Provision of Specified Functionality Class Simple Draft
Weakness CWE-685 Function Call With Incorrect Number of Arguments Variant Simple Draft
Weakness CWE-686 Function Call With Incorrect Argument Type Variant Simple Draft
Weakness CWE-687 Function Call With Incorrectly Specified Argument Value Variant Simple Draft
Weakness CWE-688 Function Call With Incorrect Variable or Reference as Argument Variant Simple Draft
Weakness CWE-689 Permission Race Condition During Resource Copy Compound Composite Draft
Weakness CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream Variant Simple Incomplete
Weakness CWE-690 Unchecked Return Value to NULL Pointer Dereference Compound Chain Draft
Weakness CWE-691 Insufficient Control Flow Management Pillar Simple Draft
Weakness CWE-693 Protection Mechanism Failure Pillar Simple Draft
Weakness CWE-694 Use of Multiple Resources with Duplicate Identifier Base Simple Incomplete
Weakness CWE-695 Use of Low-Level Functionality Base Simple Incomplete
Weakness CWE-696 Incorrect Behavior Order Class Simple Incomplete
Weakness CWE-697 Incorrect Comparison Pillar Simple Incomplete
Weakness CWE-698 Execution After Redirect (EAR) Base Simple Incomplete
Weakness CWE-7 J2EE Misconfiguration: Missing Custom Error Page Variant Simple Incomplete
Weakness CWE-703 Improper Check or Handling of Exceptional Conditions Pillar Simple Incomplete
Weakness CWE-704 Incorrect Type Conversion or Cast Class Simple Incomplete
Weakness CWE-705 Incorrect Control Flow Scoping Class Simple Incomplete
Weakness CWE-706 Use of Incorrectly-Resolved Name or Reference Class Simple Incomplete
Weakness CWE-707 Improper Neutralization Pillar Simple Incomplete
Weakness CWE-708 Incorrect Ownership Assignment Base Simple Incomplete
Weakness CWE-710 Improper Adherence to Coding Standards Pillar Simple Incomplete
Weakness CWE-72 Improper Handling of Apple HFS+ Alternate Data Stream Path Variant Simple Incomplete
Weakness CWE-73 External Control of File Name or Path Base Simple Draft
Weakness CWE-732 Incorrect Permission Assignment for Critical Resource Class Simple Draft
Weakness CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Class Simple Incomplete
Weakness CWE-749 Exposed Dangerous Method or Function Base Simple Incomplete
Weakness CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Class Simple Draft
Weakness CWE-754 Improper Check for Unusual or Exceptional Conditions Class Simple Incomplete
Weakness CWE-755 Improper Handling of Exceptional Conditions Class Simple Incomplete
Weakness CWE-759 Use of a One-Way Hash without a Salt Variant Simple Incomplete
Weakness CWE-76 Improper Neutralization of Equivalent Special Elements Base Simple Draft
Weakness CWE-760 Use of a One-Way Hash with a Predictable Salt Variant Simple Incomplete
Weakness CWE-761 Free of Pointer not at Start of Buffer Variant Simple Incomplete
Weakness CWE-762 Mismatched Memory Management Routines Variant Simple Incomplete
Weakness CWE-763 Release of Invalid Pointer or Reference Base Simple Incomplete
Weakness CWE-764 Multiple Locks of a Critical Resource Base Simple Incomplete
Weakness CWE-765 Multiple Unlocks of a Critical Resource Base Simple Incomplete
Weakness CWE-766 Critical Data Element Declared Public Base Simple Incomplete
Weakness CWE-767 Access to Critical Private Variable via Public Method Base Simple Incomplete
Weakness CWE-768 Incorrect Short Circuit Evaluation Variant Simple Incomplete
Weakness CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') Class Simple Draft
Weakness CWE-770 Allocation of Resources Without Limits or Throttling Base Simple Incomplete
Weakness CWE-771 Missing Reference to Active Allocated Resource Base Simple Incomplete
Weakness CWE-772 Missing Release of Resource after Effective Lifetime Base Simple Draft
Weakness CWE-773 Missing Reference to Active File Descriptor or Handle Variant Simple Incomplete
Weakness CWE-774 Allocation of File Descriptors or Handles Without Limits or Throttling Variant Simple Incomplete
Weakness CWE-775 Missing Release of File Descriptor or Handle after Effective Lifetime Variant Simple Incomplete
Weakness CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Base Simple Draft
Weakness CWE-777 Regular Expression without Anchors Variant Simple Incomplete
Weakness CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Base Simple Stable
Weakness CWE-780 Use of RSA Algorithm without OAEP Variant Simple Incomplete
Weakness CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code Variant Simple Draft
Weakness CWE-782 Exposed IOCTL with Insufficient Access Control Variant Simple Draft
Weakness CWE-783 Operator Precedence Logic Error Base Simple Draft
Weakness CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision Variant Simple Draft
Weakness CWE-785 Use of Path Manipulation Function without Maximum-sized Buffer Variant Simple Incomplete
Weakness CWE-787 Out-of-bounds Write Base Simple Draft
Weakness CWE-789 Memory Allocation with Excessive Size Value Variant Simple Draft
Weakness CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Base Simple Stable
Weakness CWE-790 Improper Filtering of Special Elements Class Simple Incomplete
Weakness CWE-791 Incomplete Filtering of Special Elements Base Simple Incomplete
Weakness CWE-792 Incomplete Filtering of One or More Instances of Special Elements Variant Simple Incomplete
Weakness CWE-793 Only Filtering One Instance of a Special Element Variant Simple Incomplete
Weakness CWE-794 Incomplete Filtering of Multiple Instances of Special Elements Variant Simple Incomplete
Weakness CWE-795 Only Filtering Special Elements at a Specified Location Base Simple Incomplete
Weakness CWE-796 Only Filtering Special Elements Relative to a Marker Variant Simple Incomplete
Weakness CWE-797 Only Filtering Special Elements at an Absolute Position Variant Simple Incomplete
Weakness CWE-799 Improper Control of Interaction Frequency Class Simple Incomplete
Weakness CWE-8 J2EE Misconfiguration: Entity Bean Declared Remote Variant Simple Incomplete
Weakness CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Variant Simple Incomplete
Weakness CWE-804 Guessable CAPTCHA Base Simple Incomplete
Weakness CWE-805 Buffer Access with Incorrect Length Value Base Simple Incomplete
Weakness CWE-806 Buffer Access Using Size of Source Buffer Variant Simple Incomplete
Weakness CWE-807 Reliance on Untrusted Inputs in a Security Decision Base Simple Incomplete
Weakness CWE-81 Improper Neutralization of Script in an Error Message Web Page Variant Simple Incomplete
Weakness CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page Variant Simple Incomplete
Weakness CWE-827 Improper Control of Document Type Definition Variant Simple Incomplete
Weakness CWE-829 Inclusion of Functionality from Untrusted Control Sphere Base Simple Incomplete
Weakness CWE-83 Improper Neutralization of Script in Attributes in a Web Page Variant Simple Draft
Weakness CWE-830 Inclusion of Web Functionality from an Untrusted Source Variant Simple Incomplete
Weakness CWE-836 Use of Password Hash Instead of Password for Authentication Base Simple Incomplete
Weakness CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page Variant Simple Draft
Weakness CWE-841 Improper Enforcement of Behavioral Workflow Base Simple Incomplete
Weakness CWE-842 Placement of User into Incorrect Group Base Simple Incomplete
Weakness CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') Base Simple Incomplete
Weakness CWE-85 Doubled Character XSS Manipulations Variant Simple Draft
Weakness CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages Variant Simple Draft
Weakness CWE-862 Missing Authorization Class Simple Incomplete
Weakness CWE-863 Incorrect Authorization Class Simple Incomplete
Weakness CWE-87 Improper Neutralization of Alternate XSS Syntax Variant Simple Draft
Weakness CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Base Simple Draft
Weakness CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Base Simple Stable
Weakness CWE-9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods Variant Simple Draft
Weakness CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Base Simple Draft
Weakness CWE-908 Use of Uninitialized Resource Base Simple Incomplete
Weakness CWE-909 Missing Initialization of Resource Class Simple Incomplete
Weakness CWE-91 XML Injection (aka Blind XPath Injection) Base Simple Draft
Weakness CWE-910 Use of Expired File Descriptor Base Simple Incomplete
Weakness CWE-911 Improper Update of Reference Count Base Simple Incomplete
Weakness CWE-912 Hidden Functionality Class Simple Incomplete
Weakness CWE-913 Improper Control of Dynamically-Managed Code Resources Class Simple Incomplete
Weakness CWE-914 Improper Control of Dynamically-Identified Variables Base Simple Incomplete
Weakness CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes Base Simple Incomplete
Weakness CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Base Simple Incomplete
Weakness CWE-918 Server-Side Request Forgery (SSRF) Base Simple Incomplete
Weakness CWE-922 Insecure Storage of Sensitive Information Class Simple Incomplete
Weakness CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Base Simple Draft
Weakness CWE-939 Improper Authorization in Handler for Custom URL Scheme Base Simple Incomplete
Weakness CWE-94 Improper Control of Generation of Code ('Code Injection') Base Simple Draft
Weakness CWE-940 Improper Verification of Source of a Communication Channel Base Simple Incomplete
Weakness CWE-941 Incorrectly Specified Destination in a Communication Channel Base Simple Incomplete
Weakness CWE-942 Permissive Cross-domain Policy with Untrusted Domains Variant Simple Incomplete
Weakness CWE-943 Improper Neutralization of Special Elements in Data Query Logic Class Simple Incomplete
Weakness CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Variant Simple Incomplete
Weakness CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') Base Simple Draft
Weakness CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page Variant Simple Draft
Weakness CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') Variant Simple Draft
Weakness CWE-99 Improper Control of Resource Identifiers ('Resource Injection') Class Simple Draft
