Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-146Improper Neutralization of Expression/Command Delimiters9Variant-
CWE-1274Improper Access Control for Volatile Memory Containing Boot Code9Base-
CWE-1326Missing Immutable Root of Trust in Hardware9Base-
CWE-647Use of Non-Canonical URL Paths for Authorization Decisions9VariantHigh
CWE-616Incomplete Identification of Uploaded File Variables (PHP)9Variant-
CWE-566Authorization Bypass Through User-Controlled SQL Primary Key8Variant-
CWE-199CWE-1998--
CWE-456Missing Initialization of a Variable8Variant-
CWE-371CWE-3718--
CWE-317Cleartext Storage of Sensitive Information in GUI8Variant-
CWE-112Missing XML Validation8Base-
CWE-1173Improper Use of Validation Framework8Base-
CWE-127Buffer Under-read8Variant-
CWE-315Cleartext Storage of Sensitive Information in a Cookie8Variant-
CWE-573Improper Following of Specification by Caller8Class-
CWE-562Return of Stack Variable Address8Base-
CWE-223Omission of Security-relevant Information8Base-
CWE-1282Assumed-Immutable Data is Stored in Writable Memory8Base-
CWE-914Improper Control of Dynamically-Identified Variables8Base-
CWE-421Race Condition During Access to Alternate Channel8Base-
CWE-466Return of Pointer Value Outside of Expected Range8Base-
CWE-705Incorrect Control Flow Scoping8Class-
CWE-361CWE-3617--
CWE-775Missing Release of File Descriptor or Handle after Effective Lifetime7Variant-
CWE-544Missing Standardized Error Handling Mechanism7Base-