Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-502Deserialization of Untrusted Data2,946BaseMedium
CWE-269Improper Privilege Management2,876ClassMedium
CWE-918Server-Side Request Forgery (SSRF)2,871Base-
CWE-399CWE-3992,695--
CWE-306Missing Authentication for Critical Function2,516BaseHigh
CWE-310CWE-3102,511--
CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')2,444ClassMedium
CWE-122Heap-based Buffer Overflow2,420VariantHigh
CWE-770Allocation of Resources Without Limits or Throttling1,989BaseHigh
CWE-639Authorization Bypass Through User-Controlled Key1,977BaseHigh
CWE-401Missing Release of Memory after Effective Lifetime1,829VariantMedium
CWE-798Use of Hard-coded Credentials1,736BaseHigh
CWE-732Incorrect Permission Assignment for Critical Resource1,682ClassHigh
CWE-59Improper Link Resolution Before File Access ('Link Following')1,576BaseMedium
CWE-601URL Redirection to Untrusted Site ('Open Redirect')1,563BaseLow
CWE-276Incorrect Default Permissions1,524BaseMedium
CWE-295Improper Certificate Validation1,439Base-
CWE-285Improper Authorization1,399ClassHigh
CWE-522Insufficiently Protected Credentials1,388Class-
CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')1,267VariantHigh
CWE-611Improper Restriction of XML External Entity Reference1,264Base-
CWE-189CWE-1891,248--
CWE-427Uncontrolled Search Path Element1,185Base-
CWE-532Insertion of Sensitive Information into Log File1,159BaseMedium
CWE-266Incorrect Privilege Assignment1,005Base-