Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User Allowed 4
CWE-925 Improper Verification of Intent by Broadcast Receiver Allowed 3
CWE-910 Use of Expired File Descriptor Allowed 3
CWE-780 Use of RSA Algorithm without OAEP Allowed 3
CWE-774 Allocation of File Descriptors or Handles Without Limits or Throttling Allowed 3
CWE-756 Missing Custom Error Page Allowed 3
CWE-687 Function Call With Incorrectly Specified Argument Value Allowed 3
CWE-686 Function Call With Incorrect Argument Type Allowed 3
CWE-623 Unsafe ActiveX Control Marked Safe For Scripting Allowed 3
CWE-62 UNIX Hard Link Allowed 3
CWE-605 Multiple Binds to the Same Port Allowed 3
CWE-597 Use of Wrong Operator in String Comparison Allowed 3
CWE-588 Attempt to Access Child of a Non-structure Pointer Allowed 3
CWE-534 DEPRECATED: Information Exposure Through Debug Log Files Prohibited 3
CWE-474 Use of Function with Inconsistent Implementations Allowed 3
CWE-468 Incorrect Pointer Scaling Allowed 3
CWE-447 Unimplemented or Unsupported Feature in UI Allowed 3
CWE-446 UI Discrepancy for Security Feature Allowed-with-Review 3
CWE-437 Incomplete Model of Endpoint Features Allowed 3
CWE-435 Improper Interaction Between Multiple Correctly-Behaving Entities Discouraged 3
CWE-344 Use of Invariant Value in Dynamically Changing Context Allowed 3
CWE-239 Failure to Handle Incomplete Element Allowed 3
CWE-237 Improper Handling of Structural Elements Allowed 3
CWE-236 Improper Handling of Undefined Parameters Allowed 3
CWE-210 Self-generated Error Message Containing Sensitive Information Allowed 3
CWE-182 Collapse of Data into Unsafe Value Allowed 3
CWE-168 Improper Handling of Inconsistent Special Elements Allowed 3
CWE-166 Improper Handling of Missing Special Element Allowed 3
CWE-148 Improper Neutralization of Input Leaders Allowed 3
CWE-1426 Improper Validation of Generative AI Output Discouraged 3
CWE-1384 Improper Handling of Physical or Environmental Conditions Allowed-with-Review 3
CWE-1335 Incorrect Bitwise Shift of Integer Allowed 3
CWE-1303 Non-Transparent Sharing of Microarchitectural Resources Allowed 3
CWE-1283 Mutable Attestation or Measurement Reporting Data Allowed 3
CWE-128 Wrap-around Error Allowed 3
CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready Allowed 3
CWE-1247 Improper Protection Against Voltage and Clock Glitches Allowed 3
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection Allowed 3
CWE-1231 Improper Prevention of Lock Bit Modification Allowed 3
CWE-1108 Excessive Reliance on Global Variables Allowed 3
CWE-1068 Inconsistency Between Implementation and Documented Design Prohibited 3
CWE-1049 Excessive Data Query Operations in a Large Data Table Allowed 3
CWE-1039 Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism Allowed-with-Review 3
CWE-85 Doubled Character XSS Manipulations Allowed 2
CWE-827 Improper Control of Document Type Definition Allowed 2
CWE-769 DEPRECATED: Uncontrolled File Descriptor Consumption Prohibited 2