Each unindented entry is a weakness; the arrows beneath it list its related weaknesses, with further indentation for each successive link.

CWE-20 Improper Input Validation
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
        -> CWE-668 Exposure of Resource to Wrong Sphere
    -> CWE-41 Improper Resolution of Path Equivalence
    -> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    -> CWE-770 Allocation of Resources Without Limits or Throttling

CWE-46 Path Equivalence: 'filename ' (Trailing Space)
    -> CWE-289 Authentication Bypass by Alternate Name

CWE-52 Path Equivalence: '/multiple/trailing/slash//'
    -> CWE-289 Authentication Bypass by Alternate Name

CWE-73 External Control of File Name or Path
    -> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    -> CWE-41 Improper Resolution of Path Equivalence
    -> CWE-434 Unrestricted Upload of File with Dangerous Type
    -> CWE-59 Improper Link Resolution Before File Access ('Link Following')
    -> CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
        -> CWE-94 Improper Control of Generation of Code ('Code Injection')

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
    -> CWE-117 Improper Output Neutralization for Logs

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
    -> CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
        -> CWE-494 Download of Code Without Integrity Check

CWE-116 Improper Encoding or Escaping of Output
    -> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-128 Wrap-around Error
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-129 Improper Validation of Array Index
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-789 Memory Allocation with Excessive Size Value
        -> CWE-476 NULL Pointer Dereference
    -> CWE-823 Use of Out-of-range Pointer Offset
        -> CWE-125 Out-of-bounds Read
        -> CWE-787 Out-of-bounds Write

CWE-130 Improper Handling of Length Parameter Inconsistency
    -> CWE-805 Buffer Access with Incorrect Length Value

CWE-131 Incorrect Calculation of Buffer Size
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-134 Use of Externally-Controlled Format String
    -> CWE-123 Write-what-where Condition

CWE-172 Encoding Error
    -> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    -> CWE-41 Improper Resolution of Path Equivalence

CWE-173 Improper Handling of Alternate Encoding
    -> CWE-289 Authentication Bypass by Alternate Name

CWE-178 Improper Handling of Case Sensitivity
    -> CWE-289 Authentication Bypass by Alternate Name
    -> CWE-433 Unparsed Raw Web Content Delivery

CWE-183 Permissive List of Allowed Inputs
    -> CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-184 Incomplete List of Disallowed Inputs
    -> CWE-434 Unrestricted Upload of File with Dangerous Type
    -> CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    -> CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    -> CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-185 Incorrect Regular Expression
    -> CWE-182 Collapse of Data into Unsafe Value
        -> CWE-33 Path Traversal: '....' (Multiple Dot)
        -> CWE-34 Path Traversal: '....//'
        -> CWE-35 Path Traversal: '.../...//'
    -> CWE-187 Partial String Comparison

CWE-190 Integer Overflow or Wraparound
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-193 Off-by-one Error
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-170 Improper Null Termination
        -> CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
            -> CWE-123 Write-what-where Condition
        -> CWE-126 Buffer Over-read
    -> CWE-617 Reachable Assertion

CWE-205 Observable Behavioral Discrepancy
    -> CWE-514 Covert Channel

CWE-208 Observable Timing Discrepancy
    -> CWE-327 Use of a Broken or Risky Cryptographic Algorithm
    -> CWE-385 Covert Timing Channel

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
    -> CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-226 Sensitive Information in Resource Not Removed Before Reuse
    -> CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-231 Improper Handling of Extra Values
    -> CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
    -> CWE-669 Incorrect Resource Transfer Between Spheres

CWE-252 Unchecked Return Value
    -> CWE-476 NULL Pointer Dereference

CWE-322 Key Exchange without Entity Authentication
    -> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

CWE-330 Use of Insufficiently Random Values
    -> CWE-804 Guessable CAPTCHA

CWE-340 Generation of Predictable Numbers or Identifiers (also a composite component)
    -> CWE-384 Session Fixation (also a composite)

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
    -> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

CWE-363 Race Condition Enabling Link Following
    -> CWE-59 Improper Link Resolution Before File Access ('Link Following')

CWE-364 Signal Handler Race Condition
    -> CWE-123 Write-what-where Condition
    -> CWE-415 Double Free
    -> CWE-416 Use After Free
        -> CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
        -> CWE-123 Write-what-where Condition

CWE-390 Detection of Error Condition Without Action
    -> CWE-401 Missing Release of Memory after Effective Lifetime

CWE-404 Improper Resource Shutdown or Release
    -> CWE-619 Dangling Database Cursor ('Cursor Injection')

CWE-410 Insufficient Resource Pool
    -> CWE-400 Uncontrolled Resource Consumption

CWE-425 Direct Request ('Forced Browsing')
    -> CWE-471 Modification of Assumed-Immutable Data (MAID)
    -> CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-430 Deployment of Wrong Handler
    -> CWE-433 Unparsed Raw Web Content Delivery

CWE-431 Missing Handler
    -> CWE-433 Unparsed Raw Web Content Delivery

CWE-441 Unintended Proxy or Intermediary ('Confused Deputy') (also a composite component)
    -> CWE-668 Exposure of Resource to Wrong Sphere

CWE-456 Missing Initialization of a Variable
    -> CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    -> CWE-457 Use of Uninitialized Variable
    -> CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    -> CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-473 PHP External Variable Modification
    -> CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-479 Signal Handler Use of a Non-reentrant Function
    -> CWE-123 Write-what-where Condition

CWE-481 Assigning instead of Comparing
    -> CWE-697 Incorrect Comparison

CWE-489 Active Debug Code
    -> CWE-215 Insertion of Sensitive Information Into Debugging Code

CWE-498 Cloneable Class Containing Sensitive Information
    -> CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-499 Serializable Class Containing Sensitive Data
    -> CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-562 Return of Stack Variable Address
    -> CWE-672 Operation on a Resource after Expiration or Release
    -> CWE-825 Expired Pointer Dereference
        -> CWE-125 Out-of-bounds Read
        -> CWE-787 Out-of-bounds Write

CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context
    -> CWE-488 Exposure of Data Element to Wrong Session

CWE-570 Expression is Always False
    -> CWE-561 Dead Code

CWE-571 Expression is Always True
    -> CWE-561 Dead Code

CWE-590 Free of Memory not on the Heap
    -> CWE-123 Write-what-where Condition

CWE-600 Uncaught Exception in Servlet
    -> CWE-209 Generation of Error Message Containing Sensitive Information

CWE-602 Client-Side Enforcement of Server-Side Security
    -> CWE-471 Modification of Assumed-Immutable Data (MAID)

CWE-606 Unchecked Input for Loop Condition
    -> CWE-834 Excessive Iteration

CWE-609 Double-Checked Locking
    -> CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-613 Insufficient Session Expiration (also a composite component)
    -> CWE-287 Improper Authentication

CWE-621 Variable Extraction Error
    -> CWE-471 Modification of Assumed-Immutable Data (MAID)

CWE-656 Reliance on Security Through Obscurity
    -> CWE-259 Use of Hard-coded Password
    -> CWE-321 Use of Hard-coded Cryptographic Key
    -> CWE-472 External Control of Assumed-Immutable Web Parameter (also a composite component)

CWE-662 Improper Synchronization
    -> CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (also a composite component)
        -> CWE-416 Use After Free
        -> CWE-476 NULL Pointer Dereference

CWE-681 Incorrect Conversion between Numeric Types
    -> CWE-682 Incorrect Calculation
        -> CWE-170 Improper Null Termination

CWE-754 Improper Check for Unusual or Exceptional Conditions
    -> CWE-416 Use After Free

CWE-756 Missing Custom Error Page
    -> CWE-209 Generation of Error Message Containing Sensitive Information

CWE-782 Exposed IOCTL with Insufficient Access Control
    -> CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
        -> CWE-822 Untrusted Pointer Dereference
            -> CWE-125 Out-of-bounds Read
            -> CWE-787 Out-of-bounds Write

CWE-824 Access of Uninitialized Pointer
    -> CWE-125 Out-of-bounds Read
    -> CWE-787 Out-of-bounds Write

CWE-826 Premature Release of Resource During Expected Lifetime
    -> CWE-672 Operation on a Resource after Expiration or Release

CWE-827 Improper Control of Document Type Definition
    -> CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-839 Numeric Range Comparison Without Minimum Check
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-124 Buffer Underwrite ('Buffer Underflow')
    -> CWE-195 Signed to Unsigned Conversion Error
        -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-682 Incorrect Calculation

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-909 Missing Initialization of Resource
    -> CWE-908 Use of Uninitialized Resource

CWE-911 Improper Update of Reference Count
    -> CWE-672 Operation on a Resource after Expiration or Release
    -> CWE-772 Missing Release of Resource after Effective Lifetime

CWE-941 Incorrectly Specified Destination in a Communication Channel
    -> CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

CWE-942 Permissive Cross-domain Policy with Untrusted Domains
    -> CWE-668 Exposure of Resource to Wrong Sphere

CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
    -> CWE-416 Use After Free

CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition
    -> CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-1275 Sensitive Cookie with Improper SameSite Attribute
    -> CWE-352 Cross-Site Request Forgery (CSRF) (also a composite)

CWE-1282 Assumed-Immutable Data is Stored in Writable Memory
    -> CWE-471 Modification of Assumed-Immutable Data (MAID)

CWE-1284 Improper Validation of Specified Quantity in Input
    -> CWE-789 Memory Allocation with Excessive Size Value

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    -> CWE-471 Modification of Assumed-Immutable Data (MAID)

CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context
    -> CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-1325 Improperly Controlled Sequential Memory Allocation
    -> CWE-476 NULL Pointer Dereference

CWE-1339 Insufficient Precision or Accuracy of a Real Number
    -> CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    -> CWE-834 Excessive Iteration

CWE-1341 Multiple Releases of Same Resource or Handle
    -> CWE-672 Operation on a Resource after Expiration or Release