Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-412 Unrestricted Externally Accessible Lock Allowed 5
CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') Allowed 5
CWE-343 Predictable Value Range from Previous Values Allowed 5
CWE-332 Insufficient Entropy in PRNG Allowed 5
CWE-298 Improper Validation of Certificate Expiration Allowed 5
CWE-219 Storage of File with Sensitive Data Under Web Root Allowed 5
CWE-179 Incorrect Behavior Order: Early Validation Allowed 5
CWE-167 Improper Handling of Additional Special Element Allowed 5
CWE-153 Improper Neutralization of Substitution Characters Allowed 5
CWE-149 Improper Neutralization of Quoting Syntax Allowed 5
CWE-147 Improper Neutralization of Input Terminators Allowed 5
CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution Allowed 5
CWE-1328 Security Version Number Mutable to Older Versions Allowed 5
CWE-1254 Incorrect Comparison Logic Granularity Allowed 5
CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State Allowed 5
CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic Allowed 5
CWE-1204 Generation of Weak Initialization Vector (IV) Allowed 5
CWE-1088 Synchronous Access of Remote Resource without Timeout Allowed 5
CWE-839 Numeric Range Comparison Without Minimum Check Allowed 4
CWE-792 Incomplete Filtering of One or More Instances of Special Elements Allowed 4
CWE-786 Access of Memory Location Before Start of Buffer Discouraged 4
CWE-777 Regular Expression without Anchors Allowed 4
CWE-767 Access to Critical Private Variable via Public Method Allowed 4
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code Allowed 4
CWE-683 Function Call With Incorrect Order of Arguments Allowed 4
CWE-550 Server-generated Error Message Containing Sensitive Information Allowed 4
CWE-473 PHP External Variable Modification Allowed 4
CWE-467 Use of sizeof() on a Pointer Type Allowed 4
CWE-414 Missing Lock Check Allowed 4
CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) Allowed 4
CWE-368 Context Switching Race Condition Allowed 4
CWE-278 Insecure Preserved Inherited Permissions Allowed 4
CWE-240 Improper Handling of Inconsistent Structural Elements Allowed 4
CWE-231 Improper Handling of Extra Values Allowed 4
CWE-216 DEPRECATED: Containment Errors (Container Errors) Prohibited 4
CWE-194 Unexpected Sign Extension Allowed 4
CWE-156 Improper Neutralization of Whitespace Allowed 4
CWE-144 Improper Neutralization of Line Delimiters Allowed 4
CWE-1420 Exposure of Sensitive Information during Transient Execution Allowed-with-Review 4
CWE-1357 Reliance on Insufficiently Trustworthy Component Allowed-with-Review 4
CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) Allowed 4
CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior Allowed 4
CWE-1270 Generation of Incorrect Security Tokens Allowed 4
CWE-1256 Improper Restriction of Software Interfaces to Hardware Features Allowed 4
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks Allowed 4
CWE-1125 Excessive Attack Surface Prohibited 4
CWE-1077 Floating Point Comparison with Incorrect Operator Allowed 4
CWE-1059 Insufficient Technical Documentation Prohibited 4
CWE-1037 Processor Optimization Removal or Modification of Security-critical Code Allowed 4