Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-689 Permission Race Condition During Resource Copy Allowed 2
CWE-688 Function Call With Incorrect Variable or Reference as Argument Allowed 2
CWE-675 Multiple Operations on Resource in Single-Operation Context Allowed-with-Review 2
CWE-624 Executable Regular Expression Error Allowed 2
CWE-622 Improper Validation of Function Hook Arguments Allowed 2
CWE-616 Incomplete Identification of Uploaded File Variables (PHP) Allowed 2
CWE-563 Assignment to Variable without Use Allowed 2
CWE-531 Inclusion of Sensitive Information in Test Code Allowed 2
CWE-528 Exposure of Core Dump File to an Unauthorized Control Sphere Allowed 2
CWE-527 Exposure of Version-Control Repository to an Unauthorized Control Sphere Allowed 2
CWE-520 .NET Misconfiguration: Use of Impersonation Allowed 2
CWE-499 Serializable Class Containing Sensitive Data Allowed 2
CWE-479 Signal Handler Use of a Non-reentrant Function Allowed 2
CWE-46 Path Equivalence: 'filename ' (Trailing Space) Allowed 2
CWE-450 Multiple Interpretations of UI Input Allowed 2
CWE-422 Unprotected Windows Messaging Channel ('Shatter') Allowed 2
CWE-396 Declaration of Catch for Generic Exception Allowed 2
CWE-360 Trust of System Event Data Allowed 2
CWE-339 Small Seed Space in PRNG Allowed 2
CWE-336 Same Seed in Pseudo-Random Number Generator (PRNG) Allowed 2
CWE-32 Path Traversal: '...' (Triple Dot) Allowed 2
CWE-205 Observable Behavioral Discrepancy Allowed 2
CWE-186 Overly Restrictive Regular Expression Allowed 2
CWE-173 Improper Handling of Alternate Encoding Allowed 2
CWE-164 Improper Neutralization of Internal Special Elements Allowed 2
CWE-157 Failure to Sanitize Paired Delimiters Allowed 2
CWE-145 Improper Neutralization of Section Delimiters Allowed 2
CWE-1428 Reliance on HTTP instead of HTTPS Allowed 2
CWE-142 Improper Neutralization of Value Delimiters Allowed 2
CWE-135 Incorrect Calculation of Multi-Byte String Length Allowed 2
CWE-1342 Information Exposure through Microarchitectural State after Transient Execution Allowed 2
CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy Allowed 2
CWE-1332 Improper Handling of Faults that Lead to Instruction Skips Allowed 2
CWE-1323 Improper Management of Sensitive Trace Data Allowed 2
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation Allowed 2
CWE-1301 Insufficient or Incomplete Data Removal within Hardware Component Allowed 2
CWE-1300 Improper Protection of Physical Side Channels Allowed 2
CWE-1269 Product Released in Non-Release Configuration Allowed 2
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions Allowed 2
CWE-1251 Mirrored Regions with Different Values Allowed 2
CWE-1221 Incorrect Register Defaults or Module Parameters Allowed 2
CWE-1112 Incomplete Documentation of Program Execution Prohibited 2
CWE-111 Direct Use of Unsafe JNI Allowed 2
CWE-1107 Insufficient Isolation of Symbolic Constant Definitions Prohibited 2
CWE-1103 Use of Platform-Dependent Third Party Components Prohibited 2
CWE-1100 Insufficient Isolation of System-Dependent Functions Allowed 2
CWE-11 ASP.NET Misconfiguration: Creating Debug Binary Allowed 2