Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-44 | Path Equivalence: 'file.name' (Internal Dot) | Allowed | 1 |
| CWE-433 | Unparsed Raw Web Content Delivery | Allowed | 1 |
| CWE-431 | Missing Handler | Allowed | 1 |
| CWE-430 | Deployment of Wrong Handler | Allowed | 1 |
| CWE-43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Allowed | 1 |
| CWE-42 | Path Equivalence: 'filename.' (Trailing Dot) | Allowed | 1 |
| CWE-39 | Path Traversal: 'C:dirname' | Allowed | 1 |
| CWE-38 | Path Traversal: '\absolute\pathname\here' | Allowed | 1 |
| CWE-333 | Improper Handling of Insufficient Entropy in TRNG | Allowed | 1 |
| CWE-318 | Cleartext Storage of Sensitive Information in Executable | Allowed | 1 |
| CWE-314 | Cleartext Storage in the Registry | Allowed | 1 |
| CWE-309 | Use of Password System for Primary Authentication | Allowed | 1 |
| CWE-301 | Reflection Attack in an Authentication Protocol | Allowed | 1 |
| CWE-30 | Path Traversal: '\dir\..\filename' | Allowed | 1 |
| CWE-293 | Using Referer Field for Authentication | Allowed | 1 |
| CWE-28 | Path Traversal: '..\filedir' | Allowed | 1 |
| CWE-263 | Password Aging with Long Expiration | Discouraged | 1 |
| CWE-234 | Failure to Handle Missing Parameter | Discouraged | 1 |
| CWE-207 | Observable Behavioral Discrepancy With Equivalent Products | Allowed | 1 |
| CWE-198 | Use of Incorrect Byte Ordering | Allowed | 1 |
| CWE-188 | Reliance on Data/Memory Layout | Allowed | 1 |
| CWE-162 | Improper Neutralization of Trailing Special Elements | Allowed | 1 |
| CWE-154 | Improper Neutralization of Variable Name Delimiters | Allowed | 1 |
| CWE-143 | Improper Neutralization of Record Delimiters | Allowed | 1 |
| CWE-1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution | Allowed | 1 |
| CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context | Allowed | 1 |
| CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | Allowed | 1 |
| CWE-1314 | Missing Write Protection for Parametric Data Values | Allowed | 1 |
| CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime | Allowed | 1 |
| CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | Allowed | 1 |
| CWE-1310 | Missing Ability to Patch ROM Code | Allowed | 1 |
| CWE-1298 | Hardware Logic Contains Race Conditions | Allowed | 1 |
| CWE-1291 | Public Key Re-Use for Signing both Debug and Production Code | Allowed | 1 |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | Allowed | 1 |
| CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques | Allowed | 1 |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | Allowed | 1 |
| CWE-1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels | Allowed | 1 |
| CWE-1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks | Allowed | 1 |
| CWE-1253 | Incorrect Selection of Fuse Values | Allowed | 1 |
| CWE-1224 | Improper Restriction of Write-Once Bit Fields | Allowed | 1 |
| CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | Allowed | 1 |
| CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | Allowed | 1 |
| CWE-1190 | DMA Device Enabled Too Early in Boot Phase | Allowed | 1 |
| CWE-1176 | Inefficient CPU Computation | Allowed-with-Review | 1 |
| CWE-1164 | Irrelevant Code | Allowed-with-Review | 1 |