Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-44 Path Equivalence: 'file.name' (Internal Dot) Allowed 1
CWE-433 Unparsed Raw Web Content Delivery Allowed 1
CWE-431 Missing Handler Allowed 1
CWE-430 Deployment of Wrong Handler Allowed 1
CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot) Allowed 1
CWE-42 Path Equivalence: 'filename.' (Trailing Dot) Allowed 1
CWE-39 Path Traversal: 'C:dirname' Allowed 1
CWE-38 Path Traversal: '\absolute\pathname\here' Allowed 1
CWE-333 Improper Handling of Insufficient Entropy in TRNG Allowed 1
CWE-318 Cleartext Storage of Sensitive Information in Executable Allowed 1
CWE-314 Cleartext Storage in the Registry Allowed 1
CWE-309 Use of Password System for Primary Authentication Allowed 1
CWE-301 Reflection Attack in an Authentication Protocol Allowed 1
CWE-30 Path Traversal: '\dir\..\filename' Allowed 1
CWE-293 Using Referer Field for Authentication Allowed 1
CWE-28 Path Traversal: '..\filedir' Allowed 1
CWE-263 Password Aging with Long Expiration Discouraged 1
CWE-234 Failure to Handle Missing Parameter Discouraged 1
CWE-207 Observable Behavioral Discrepancy With Equivalent Products Allowed 1
CWE-198 Use of Incorrect Byte Ordering Allowed 1
CWE-188 Reliance on Data/Memory Layout Allowed 1
CWE-162 Improper Neutralization of Trailing Special Elements Allowed 1
CWE-154 Improper Neutralization of Variable Name Delimiters Allowed 1
CWE-143 Improper Neutralization of Record Delimiters Allowed 1
CWE-1422 Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution Allowed 1
CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context Allowed 1
CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges Allowed 1
CWE-1314 Missing Write Protection for Parametric Data Values Allowed 1
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime Allowed 1
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall Allowed 1
CWE-1310 Missing Ability to Patch ROM Code Allowed 1
CWE-1298 Hardware Logic Contains Race Conditions Allowed 1
CWE-1291 Public Key Re-Use for Signing both Debug and Production Code Allowed 1
CWE-1280 Access Control Check Implemented After Asset is Accessed Allowed 1
CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques Allowed 1
CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition Allowed 1
CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels Allowed 1
CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks Allowed 1
CWE-1253 Incorrect Selection of Fuse Values Allowed 1
CWE-1224 Improper Restriction of Write-Once Bit Fields Allowed 1
CWE-1222 Insufficient Granularity of Address Regions Protected by Register Locks Allowed 1
CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page Allowed 1
CWE-1190 DMA Device Enabled Too Early in Boot Phase Allowed 1
CWE-1176 Inefficient CPU Computation Allowed-with-Review 1
CWE-1164 Irrelevant Code Allowed-with-Review 1