Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')354Base-
CWE-1284Improper Validation of Specified Quantity in Input353Base-
CWE-665Improper Initialization351ClassMedium
CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere349Base-
CWE-281Improper Preservation of Permissions337Base-
CWE-250Execution with Unnecessary Privileges335BaseMedium
CWE-16CWE-16316--
CWE-451User Interface (UI) Misrepresentation of Critical Information305Class-
CWE-321Use of Hard-coded Cryptographic Key305VariantHigh
CWE-1188Initialization of a Resource with an Insecure Default304Base-
CWE-1236Improper Neutralization of Formula Elements in a CSV File297Base-
CWE-824Access of Uninitialized Pointer289Base-
CWE-640Weak Password Recovery Mechanism for Forgotten Password288BaseHigh
CWE-829Inclusion of Functionality from Untrusted Control Sphere276Base-
CWE-704Incorrect Type Conversion or Cast271Class-
CWE-521Weak Password Requirements258Base-
CWE-707Improper Neutralization252Pillar-
CWE-294Authentication Bypass by Capture-replay235BaseHigh
CWE-19CWE-19235--
CWE-610Externally Controlled Reference to a Resource in Another Sphere235Class-
CWE-425Direct Request ('Forced Browsing')233Base-
CWE-248Uncaught Exception222Base-
CWE-193Off-by-one Error213Base-
CWE-494Download of Code Without Integrity Check209BaseMedium
CWE-256Plaintext Storage of a Password209BaseHigh