Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-99Improper Control of Resource Identifiers ('Resource Injection')57ClassHigh
CWE-644Improper Neutralization of HTTP Headers for Scripting Syntax57VariantHigh
CWE-548Exposure of Information Through Directory Listing57Variant-
CWE-325Missing Cryptographic Step57Base-
CWE-123Write-what-where Condition55BaseHigh
CWE-87Improper Neutralization of Alternate XSS Syntax55Variant-
CWE-940Improper Verification of Source of a Communication Channel55Base-
CWE-300Channel Accessible by Non-Endpoint54Class-
CWE-805Buffer Access with Incorrect Length Value54BaseHigh
CWE-841Improper Enforcement of Behavioral Workflow54Base-
CWE-1391Use of Weak Credentials53Class-
CWE-197Numeric Truncation Error52BaseLow
CWE-170Improper Null Termination51BaseMedium
CWE-340Generation of Predictable Numbers or Identifiers48Class-
CWE-378Creation of Temporary File With Insecure Permissions47BaseHigh
CWE-405Asymmetric Resource Consumption (Amplification)46Class-
CWE-385Covert Timing Channel45BaseMedium
CWE-335Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)43Base-
CWE-388CWE-38842--
CWE-664Improper Control of a Resource Through its Lifetime42Pillar-
CWE-323Reusing a Nonce, Key Pair in Encryption42BaseHigh
CWE-1004Sensitive Cookie Without 'HttpOnly' Flag42VariantMedium
CWE-274Improper Handling of Insufficient Privileges41Base-
CWE-440Expected Behavior Violation41Base-
CWE-1393Use of Default Password41Base-