Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-175Improper Handling of Mixed Encoding0Variant-
CWE-181Incorrect Behavior Order: Validate Before Filter0Variant-
CWE-206Observable Internal Behavioral Discrepancy0Variant-
CWE-211Externally-Generated Error Message Containing Sensitive Information0Base-
CWE-217DEPRECATED: Failure to Protect Stored Data from Modification0Base-
CWE-218DEPRECATED: Failure to provide confidentiality for stored data0Base-
CWE-220Storage of File With Sensitive Data Under FTP Root0Variant-
CWE-221Information Loss or Omission0Class-
CWE-224Obscured Security-relevant Information by Alternate Name0Base-
CWE-225DEPRECATED: General Information Management Problems0Base-
CWE-238Improper Handling of Incomplete Structural Elements0Variant-
CWE-243Creation of chroot Jail Without Changing Working Directory0VariantHigh
CWE-245J2EE Bad Practices: Direct Management of Connections0Variant-
CWE-246J2EE Bad Practices: Direct Use of Sockets0Variant-
CWE-247DEPRECATED: Reliance on DNS Lookups in a Security Decision0Base-
CWE-365DEPRECATED: Race Condition in Switch0Base-
CWE-373DEPRECATED: State Synchronization Error0Base-
CWE-375Returning a Mutable Object to an Untrusted Caller0BaseMedium
CWE-382J2EE Bad Practices: Use of System.exit()0Variant-
CWE-383J2EE Bad Practices: Direct Use of Threads0Variant-
CWE-397Declaration of Throws for Generic Exception0Base-
CWE-423DEPRECATED: Proxied Trusted Channel0Base-
CWE-432Dangerous Signal Handler not Disabled During Sensitive Operations0Base-
CWE-439Behavioral Change in New Version or Environment0Base-
CWE-458DEPRECATED: Incorrect Initialization0Base-