Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-1262 | Improper Access Control for Register Interface | Allowed | 8 |
| CWE-1241 | Use of Predictable Algorithm in Random Number Generator | Allowed | 8 |
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | Allowed | 8 |
| CWE-82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | Allowed | 7 |
| CWE-771 | Missing Reference to Active Allocated Resource | Allowed | 7 |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting | Discouraged | 7 |
| CWE-662 | Improper Synchronization | Discouraged | 7 |
| CWE-599 | Missing Validation of OpenSSL Certificate | Allowed | 7 |
| CWE-421 | Race Condition During Access to Alternate Channel | Allowed | 7 |
| CWE-317 | Cleartext Storage of Sensitive Information in GUI | Allowed | 7 |
| CWE-1259 | Improper Restriction of Security Token Assignment | Allowed | 7 |
| CWE-112 | Missing XML Validation | Allowed | 7 |
| CWE-941 | Incorrectly Specified Destination in a Communication Channel | Allowed | 6 |
| CWE-914 | Improper Control of Dynamically-Identified Variables | Allowed | 6 |
| CWE-783 | Operator Precedence Logic Error | Allowed | 6 |
| CWE-710 | Improper Adherence to Coding Standards | Discouraged | 6 |
| CWE-671 | Lack of Administrator Control over Security | Allowed-with-Review | 6 |
| CWE-65 | Windows Hard Link | Allowed | 6 |
| CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | Allowed | 6 |
| CWE-562 | Return of Stack Variable Address | Allowed | 6 |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information | Allowed | 6 |
| CWE-408 | Incorrect Behavior Order: Early Amplification | Allowed | 6 |
| CWE-37 | Path Traversal: '/absolute/pathname/here' | Allowed | 6 |
| CWE-342 | Predictable Exact Value from Previous Values | Allowed | 6 |
| CWE-315 | Cleartext Storage of Sensitive Information in a Cookie | Allowed | 6 |
| CWE-262 | Not Using Password Aging | Allowed | 6 |
| CWE-249 | DEPRECATED: Often Misused: Path Manipulation | Prohibited | 6 |
| CWE-235 | Improper Handling of Extra Parameters | Allowed | 6 |
| CWE-192 | Integer Coercion Error | Allowed | 6 |
| CWE-1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution | Allowed | 6 |
| CWE-1320 | Improper Protection for Outbound Error Messages and Alert Signals | Allowed | 6 |
| CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | Allowed | 6 |
| CWE-1173 | Improper Use of Validation Framework | Allowed | 6 |
| CWE-1038 | Insecure Automated Optimizations | Allowed-with-Review | 6 |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | Allowed | 5 |
| CWE-838 | Inappropriate Encoding for Output Context | Allowed | 5 |
| CWE-794 | Incomplete Filtering of Multiple Instances of Special Elements | Allowed | 5 |
| CWE-784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Allowed | 5 |
| CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Allowed | 5 |
| CWE-705 | Incorrect Control Flow Scoping | Allowed-with-Review | 5 |
| CWE-67 | Improper Handling of Windows Device Names | Allowed | 5 |
| CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Allowed | 5 |
| CWE-628 | Function Call with Incorrectly Specified Arguments | Allowed | 5 |
| CWE-627 | Dynamic Variable Evaluation | Allowed | 5 |
| CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context | Allowed | 5 |
| CWE-544 | Missing Standardized Error Handling Mechanism | Allowed | 5 |
| CWE-454 | External Initialization of Trusted Variables or Data Stores | Allowed | 5 |
| CWE-448 | Obsolete Feature in UI | Allowed | 5 |
| CWE-412 | Unrestricted Externally Accessible Lock | Allowed | 5 |