Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Allowed | 4 |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Allowed | 3 |
| CWE-910 | Use of Expired File Descriptor | Allowed | 3 |
| CWE-780 | Use of RSA Algorithm without OAEP | Allowed | 3 |
| CWE-774 | Allocation of File Descriptors or Handles Without Limits or Throttling | Allowed | 3 |
| CWE-756 | Missing Custom Error Page | Allowed | 3 |
| CWE-687 | Function Call With Incorrectly Specified Argument Value | Allowed | 3 |
| CWE-686 | Function Call With Incorrect Argument Type | Allowed | 3 |
| CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting | Allowed | 3 |
| CWE-62 | UNIX Hard Link | Allowed | 3 |
| CWE-605 | Multiple Binds to the Same Port | Allowed | 3 |
| CWE-597 | Use of Wrong Operator in String Comparison | Allowed | 3 |
| CWE-588 | Attempt to Access Child of a Non-structure Pointer | Allowed | 3 |
| CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files | Prohibited | 3 |
| CWE-474 | Use of Function with Inconsistent Implementations | Allowed | 3 |
| CWE-468 | Incorrect Pointer Scaling | Allowed | 3 |
| CWE-447 | Unimplemented or Unsupported Feature in UI | Allowed | 3 |
| CWE-446 | UI Discrepancy for Security Feature | Allowed-with-Review | 3 |
| CWE-437 | Incomplete Model of Endpoint Features | Allowed | 3 |
| CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Discouraged | 3 |
| CWE-344 | Use of Invariant Value in Dynamically Changing Context | Allowed | 3 |
| CWE-239 | Failure to Handle Incomplete Element | Allowed | 3 |
| CWE-237 | Improper Handling of Structural Elements | Allowed | 3 |
| CWE-236 | Improper Handling of Undefined Parameters | Allowed | 3 |
| CWE-210 | Self-generated Error Message Containing Sensitive Information | Allowed | 3 |
| CWE-182 | Collapse of Data into Unsafe Value | Allowed | 3 |
| CWE-168 | Improper Handling of Inconsistent Special Elements | Allowed | 3 |
| CWE-166 | Improper Handling of Missing Special Element | Allowed | 3 |
| CWE-148 | Improper Neutralization of Input Leaders | Allowed | 3 |
| CWE-1426 | Improper Validation of Generative AI Output | Discouraged | 3 |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | Allowed-with-Review | 3 |
| CWE-1335 | Incorrect Bitwise Shift of Integer | Allowed | 3 |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Allowed | 3 |
| CWE-1283 | Mutable Attestation or Measurement Reporting Data | Allowed | 3 |
| CWE-128 | Wrap-around Error | Allowed | 3 |
| CWE-1279 | Cryptographic Operations are run Before Supporting Units are Ready | Allowed | 3 |
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | Allowed | 3 |
| CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection | Allowed | 3 |
| CWE-1231 | Improper Prevention of Lock Bit Modification | Allowed | 3 |
| CWE-1108 | Excessive Reliance on Global Variables | Allowed | 3 |
| CWE-1068 | Inconsistency Between Implementation and Documented Design | Prohibited | 3 |
| CWE-1049 | Excessive Data Query Operations in a Large Data Table | Allowed | 3 |
| CWE-1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism | Allowed-with-Review | 3 |
| CWE-85 | Doubled Character XSS Manipulations | Allowed | 2 |
| CWE-827 | Improper Control of Document Type Definition | Allowed | 2 |
| CWE-769 | DEPRECATED: Uncontrolled File Descriptor Consumption | Prohibited | 2 |