Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-409Improper Handling of Highly Compressed Data (Data Amplification)81Base-
CWE-926Improper Export of Android Application Components81Variant-
CWE-912Hidden Functionality80Class-
CWE-591Sensitive Data Storage in Improperly Locked Memory77Variant-
CWE-565Reliance on Cookies without Validation and Integrity Checking76Base-
CWE-90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')70Base-
CWE-277Insecure Inherited Permissions70Variant-
CWE-15External Control of System or Configuration Setting70Base-
CWE-799Improper Control of Interaction Frequency69Class-
CWE-470Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')67Base-
CWE-653Improper Isolation or Compartmentalization66Class-
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences66Variant-
CWE-648Incorrect Use of Privileged APIs66BaseLow
CWE-943Improper Neutralization of Special Elements in Data Query Logic65Class-
CWE-257Storing Passwords in a Recoverable Format65BaseHigh
CWE-267Privilege Defined With Unsafe Actions64Base-
CWE-923Improper Restriction of Communication Channel to Intended Endpoints64Class-
CWE-29Path Traversal: '\..\filename'64Variant-
CWE-662Improper Synchronization60Class-
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute60Variant-
CWE-348Use of Less Trusted Source59Base-
CWE-379Creation of Temporary File in Directory with Insecure Permissions58BaseLow
CWE-1285Improper Validation of Specified Index, Position, or Offset in Input57Base-
CWE-524Use of Cache Containing Sensitive Information57Base-
CWE-297Improper Validation of Certificate with Host Mismatch57VariantHigh