Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-602Client-Side Enforcement of Server-Side Security145ClassMedium
CWE-95Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')144VariantMedium
CWE-1287Improper Validation of Specified Type of Input142Base-
CWE-670Always-Incorrect Control Flow Implementation141Class-
CWE-472External Control of Assumed-Immutable Web Parameter137Base-
CWE-331Insufficient Entropy134Base-
CWE-915Improperly Controlled Modification of Dynamically-Determined Object Attributes134Base-
CWE-358Improperly Implemented Security Check for Standard132Base-
CWE-36Absolute Path Traversal130Base-
CWE-91XML Injection (aka Blind XPath Injection)129Base-
CWE-682Incorrect Calculation128PillarHigh
CWE-681Incorrect Conversion between Numeric Types121BaseHigh
CWE-916Use of Password Hash With Insufficient Computational Effort119Base-
CWE-436Interpretation Conflict119Class-
CWE-407Inefficient Algorithmic Complexity117ClassLow
CWE-212Improper Removal of Sensitive Information Before Storage or Transfer116Base-
CWE-706Use of Incorrectly-Resolved Name or Reference114Class-
CWE-24Path Traversal: '../filedir'111Variant-
CWE-275CWE-275110--
CWE-834Excessive Iteration108Class-
CWE-942Permissive Cross-domain Policy with Untrusted Domains107Variant-
CWE-1392Use of Default Credentials106Base-
CWE-680Integer Overflow to Buffer Overflow105Compound-
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')104Variant-
CWE-909Missing Initialization of Resource102ClassMedium