Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Allowed | 5 |
| CWE-343 | Predictable Value Range from Previous Values | Allowed | 5 |
| CWE-332 | Insufficient Entropy in PRNG | Allowed | 5 |
| CWE-298 | Improper Validation of Certificate Expiration | Allowed | 5 |
| CWE-219 | Storage of File with Sensitive Data Under Web Root | Allowed | 5 |
| CWE-179 | Incorrect Behavior Order: Early Validation | Allowed | 5 |
| CWE-167 | Improper Handling of Additional Special Element | Allowed | 5 |
| CWE-153 | Improper Neutralization of Substitution Characters | Allowed | 5 |
| CWE-149 | Improper Neutralization of Quoting Syntax | Allowed | 5 |
| CWE-147 | Improper Neutralization of Input Terminators | Allowed | 5 |
| CWE-1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution | Allowed | 5 |
| CWE-1389 | Incorrect Parsing of Numbers with Different Radices | Allowed | 5 |
| CWE-1328 | Security Version Number Mutable to Older Versions | Allowed | 5 |
| CWE-1254 | Incorrect Comparison Logic Granularity | Allowed | 5 |
| CWE-1250 | Improper Preservation of Consistency Between Independent Representations of Shared State | Allowed | 5 |
| CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic | Allowed | 5 |
| CWE-1204 | Generation of Weak Initialization Vector (IV) | Allowed | 5 |
| CWE-1088 | Synchronous Access of Remote Resource without Timeout | Allowed | 5 |
| CWE-839 | Numeric Range Comparison Without Minimum Check | Allowed | 4 |
| CWE-792 | Incomplete Filtering of One or More Instances of Special Elements | Allowed | 4 |
| CWE-786 | Access of Memory Location Before Start of Buffer | Discouraged | 4 |
| CWE-777 | Regular Expression without Anchors | Allowed | 4 |
| CWE-767 | Access to Critical Private Variable via Public Method | Allowed | 4 |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | Allowed | 4 |
| CWE-683 | Function Call With Incorrect Order of Arguments | Allowed | 4 |
| CWE-550 | Server-generated Error Message Containing Sensitive Information | Allowed | 4 |
| CWE-473 | PHP External Variable Modification | Allowed | 4 |
| CWE-467 | Use of sizeof() on a Pointer Type | Allowed | 4 |
| CWE-414 | Missing Lock Check | Allowed | 4 |
| CWE-40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Allowed | 4 |
| CWE-368 | Context Switching Race Condition | Allowed | 4 |
| CWE-278 | Insecure Preserved Inherited Permissions | Allowed | 4 |
| CWE-240 | Improper Handling of Inconsistent Structural Elements | Allowed | 4 |
| CWE-231 | Improper Handling of Extra Values | Allowed | 4 |
| CWE-216 | DEPRECATED: Containment Errors (Container Errors) | Prohibited | 4 |
| CWE-194 | Unexpected Sign Extension | Allowed | 4 |
| CWE-156 | Improper Neutralization of Whitespace | Allowed | 4 |
| CWE-144 | Improper Neutralization of Line Delimiters | Allowed | 4 |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | Allowed-with-Review | 4 |
| CWE-1357 | Reliance on Insufficiently Trustworthy Component | Allowed-with-Review | 4 |
| CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | Allowed | 4 |
| CWE-1281 | Sequence of Processor Instructions Leads to Unexpected Behavior | Allowed | 4 |
| CWE-1270 | Generation of Incorrect Security Tokens | Allowed | 4 |
| CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features | Allowed | 4 |
| CWE-1234 | Hardware Internal or Debug Modes Allow Override of Locks | Allowed | 4 |
| CWE-1125 | Excessive Attack Surface | Prohibited | 4 |
| CWE-1077 | Floating Point Comparison with Incorrect Operator | Allowed | 4 |
| CWE-1059 | Insufficient Technical Documentation | Prohibited | 4 |
| CWE-1037 | Processor Optimization Removal or Modification of Security-critical Code | Allowed | 4 |