Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-114Process Control26Class-
CWE-118Incorrect Access of Indexable Resource ('Range Error')25Class-
CWE-778Insufficient Logging25BaseMedium
CWE-322Key Exchange without Entity Authentication25BaseHigh
CWE-1230Exposure of Sensitive Information Through Metadata25Base-
CWE-758Reliance on Undefined, Unspecified, or Implementation-Defined Behavior25Class-
CWE-1275Sensitive Cookie with Improper SameSite Attribute25VariantMedium
CWE-592DEPRECATED: Authentication Bypass Issues24Class-
CWE-260Password in Configuration File24Base-
CWE-391Unchecked Error Condition24BaseMedium
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action24Variant-
CWE-523Unprotected Transport of Credentials24Base-
CWE-939Improper Authorization in Handler for Custom URL Scheme24Base-
CWE-83Improper Neutralization of Script in Attributes in a Web Page24Variant-
CWE-551Incorrect Behavior Order: Authorization Before Parsing and Canonicalization24Base-
CWE-833Deadlock24Base-
CWE-253Incorrect Check of Function Return Value23BaseLow
CWE-402Transmission of Private Resources into a New Sphere ('Resource Leak')23Class-
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')23Base-
CWE-283Unverified Ownership23Base-
CWE-603Use of Client-Side Authentication22Base-
CWE-460Improper Cleanup on Thrown Exception22BaseMedium
CWE-214Invocation of Process Using Visible Sensitive Information22Base-
CWE-268Privilege Chaining22BaseHigh
CWE-1300Improper Protection of Physical Side Channels22Base-