Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-689 | Permission Race Condition During Resource Copy | Allowed | 2 |
| CWE-688 | Function Call With Incorrect Variable or Reference as Argument | Allowed | 2 |
| CWE-675 | Multiple Operations on Resource in Single-Operation Context | Allowed-with-Review | 2 |
| CWE-624 | Executable Regular Expression Error | Allowed | 2 |
| CWE-622 | Improper Validation of Function Hook Arguments | Allowed | 2 |
| CWE-616 | Incomplete Identification of Uploaded File Variables (PHP) | Allowed | 2 |
| CWE-563 | Assignment to Variable without Use | Allowed | 2 |
| CWE-531 | Inclusion of Sensitive Information in Test Code | Allowed | 2 |
| CWE-528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Allowed | 2 |
| CWE-527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | Allowed | 2 |
| CWE-520 | .NET Misconfiguration: Use of Impersonation | Allowed | 2 |
| CWE-499 | Serializable Class Containing Sensitive Data | Allowed | 2 |
| CWE-479 | Signal Handler Use of a Non-reentrant Function | Allowed | 2 |
| CWE-46 | Path Equivalence: 'filename ' (Trailing Space) | Allowed | 2 |
| CWE-450 | Multiple Interpretations of UI Input | Allowed | 2 |
| CWE-422 | Unprotected Windows Messaging Channel ('Shatter') | Allowed | 2 |
| CWE-396 | Declaration of Catch for Generic Exception | Allowed | 2 |
| CWE-360 | Trust of System Event Data | Allowed | 2 |
| CWE-339 | Small Seed Space in PRNG | Allowed | 2 |
| CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | Allowed | 2 |
| CWE-32 | Path Traversal: '...' (Triple Dot) | Allowed | 2 |
| CWE-205 | Observable Behavioral Discrepancy | Allowed | 2 |
| CWE-186 | Overly Restrictive Regular Expression | Allowed | 2 |
| CWE-173 | Improper Handling of Alternate Encoding | Allowed | 2 |
| CWE-164 | Improper Neutralization of Internal Special Elements | Allowed | 2 |
| CWE-157 | Failure to Sanitize Paired Delimiters | Allowed | 2 |
| CWE-145 | Improper Neutralization of Section Delimiters | Allowed | 2 |
| CWE-1428 | Reliance on HTTP instead of HTTPS | Allowed | 2 |
| CWE-142 | Improper Neutralization of Value Delimiters | Allowed | 2 |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length | Allowed | 2 |
| CWE-1342 | Information Exposure through Microarchitectural State after Transient Execution | Allowed | 2 |
| CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | Allowed | 2 |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | Allowed | 2 |
| CWE-1323 | Improper Management of Sensitive Trace Data | Allowed | 2 |
| CWE-1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation | Allowed | 2 |
| CWE-1301 | Insufficient or Incomplete Data Removal within Hardware Component | Allowed | 2 |
| CWE-1300 | Improper Protection of Physical Side Channels | Allowed | 2 |
| CWE-1269 | Product Released in Non-Release Configuration | Allowed | 2 |
| CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Allowed | 2 |
| CWE-1251 | Mirrored Regions with Different Values | Allowed | 2 |
| CWE-1221 | Incorrect Register Defaults or Module Parameters | Allowed | 2 |
| CWE-1112 | Incomplete Documentation of Program Execution | Prohibited | 2 |
| CWE-111 | Direct Use of Unsafe JNI | Allowed | 2 |
| CWE-1107 | Insufficient Isolation of Symbolic Constant Definitions | Prohibited | 2 |
| CWE-1103 | Use of Platform-Dependent Third Party Components | Prohibited | 2 |
| CWE-1100 | Insufficient Isolation of System-Dependent Functions | Allowed | 2 |
| CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Allowed | 2 |