Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-261Weak Encoding for Password40Base-
CWE-302Authentication Bypass by Assumed-Immutable Data40Base-
CWE-353Missing Support for Integrity Check40BaseMedium
CWE-273Improper Check for Dropped Privileges39BaseMedium
CWE-185Incorrect Regular Expression39Class-
CWE-183Permissive List of Allowed Inputs39Base-
CWE-349Acceptance of Extraneous Untrusted Data With Trusted Data38Base-
CWE-636Not Failing Securely ('Failing Open')38Class-
CWE-420Unprotected Alternate Channel37Base-
CWE-791Incomplete Filtering of Special Elements37Base-
CWE-289Authentication Bypass by Alternate Name36Base-
CWE-124Buffer Underwrite ('Buffer Underflow')36BaseMedium
CWE-316Cleartext Storage of Sensitive Information in Memory36Variant-
CWE-471Modification of Assumed-Immutable Data (MAID)36Base-
CWE-782Exposed IOCTL with Insufficient Access Control36Variant-
CWE-75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)35Class-
CWE-202Exposure of Sensitive Information Through Data Queries35BaseMedium
CWE-696Incorrect Behavior Order35Class-
CWE-272Least Privilege Violation35Base-
CWE-924Improper Enforcement of Message Integrity During Transmission in a Communication Channel34Base-
CWE-1385Missing Origin Validation in WebSockets34Variant-
CWE-92DEPRECATED: Improper Sanitization of Custom Special Characters34Base-
CWE-304Missing Critical Step in Authentication33Base-
CWE-424Improper Protection of Alternate Path33Class-
CWE-690Unchecked Return Value to NULL Pointer Dereference33Compound-