Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-117Improper Output Neutralization for Logs101BaseMedium
CWE-441Unintended Proxy or Intermediary ('Confused Deputy')100Class-
CWE-1220Insufficient Granularity of Access Control99Base-
CWE-669Incorrect Resource Transfer Between Spheres98Class-
CWE-763Release of Invalid Pointer or Reference98Base-
CWE-823Use of Out-of-range Pointer Offset98Base-
CWE-130Improper Handling of Length Parameter Inconsistency98Base-
CWE-303Incorrect Implementation of Authentication Algorithm95Base-
CWE-377Insecure Temporary File95Class-
CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory93Base-
CWE-913Improper Control of Dynamically-Managed Code Resources92Class-
CWE-320CWE-32091--
CWE-328Use of Weak Hash90Base-
CWE-840CWE-84089--
CWE-1286Improper Validation of Syntactic Correctness of Input88Base-
CWE-620Unverified Password Change87Base-
CWE-825Expired Pointer Dereference86Base-
CWE-506Embedded Malicious Code85Class-
CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')84BaseMedium
CWE-1390Weak Authentication84Class-
CWE-489Active Debug Code84Base-
CWE-178Improper Handling of Case Sensitivity83Base-
CWE-807Reliance on Untrusted Inputs in a Security Decision83BaseHigh
CWE-598Use of GET Request Method With Sensitive Query Strings82Variant-
CWE-672Operation on a Resource after Expiration or Release81Class-