Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-1262 Improper Access Control for Register Interface Allowed 8
CWE-1241 Use of Predictable Algorithm in Random Number Generator Allowed 8
CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) Allowed 8
CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page Allowed 7
CWE-771 Missing Reference to Active Allocated Resource Allowed 7
CWE-692 Incomplete Denylist to Cross-Site Scripting Discouraged 7
CWE-662 Improper Synchronization Discouraged 7
CWE-599 Missing Validation of OpenSSL Certificate Allowed 7
CWE-421 Race Condition During Access to Alternate Channel Allowed 7
CWE-317 Cleartext Storage of Sensitive Information in GUI Allowed 7
CWE-1259 Improper Restriction of Security Token Assignment Allowed 7
CWE-112 Missing XML Validation Allowed 7
CWE-941 Incorrectly Specified Destination in a Communication Channel Allowed 6
CWE-914 Improper Control of Dynamically-Identified Variables Allowed 6
CWE-783 Operator Precedence Logic Error Allowed 6
CWE-710 Improper Adherence to Coding Standards Discouraged 6
CWE-671 Lack of Administrator Control over Security Allowed-with-Review 6
CWE-65 Windows Hard Link Allowed 6
CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key Allowed 6
CWE-562 Return of Stack Variable Address Allowed 6
CWE-539 Use of Persistent Cookies Containing Sensitive Information Allowed 6
CWE-408 Incorrect Behavior Order: Early Amplification Allowed 6
CWE-37 Path Traversal: '/absolute/pathname/here' Allowed 6
CWE-342 Predictable Exact Value from Previous Values Allowed 6
CWE-315 Cleartext Storage of Sensitive Information in a Cookie Allowed 6
CWE-262 Not Using Password Aging Allowed 6
CWE-249 DEPRECATED: Often Misused: Path Manipulation Prohibited 6
CWE-235 Improper Handling of Extra Parameters Allowed 6
CWE-192 Integer Coercion Error Allowed 6
CWE-1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution Allowed 6
CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals Allowed 6
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code Allowed 6
CWE-1173 Improper Use of Validation Framework Allowed 6
CWE-1038 Insecure Automated Optimizations Allowed-with-Review 6
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page Allowed 5
CWE-838 Inappropriate Encoding for Output Context Allowed 5
CWE-794 Incomplete Filtering of Multiple Instances of Special Elements Allowed 5
CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision Allowed 5
CWE-775 Missing Release of File Descriptor or Handle after Effective Lifetime Allowed 5
CWE-705 Incorrect Control Flow Scoping Allowed-with-Review 5
CWE-67 Improper Handling of Windows Device Names Allowed 5
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking Allowed 5
CWE-628 Function Call with Incorrectly Specified Arguments Allowed 5
CWE-627 Dynamic Variable Evaluation Allowed 5
CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context Allowed 5
CWE-544 Missing Standardized Error Handling Mechanism Allowed 5
CWE-454 External Initialization of Trusted Variables or Data Stores Allowed 5
CWE-448 Obsolete Feature in UI Allowed 5
CWE-412 Unrestricted Externally Accessible Lock Allowed 5