Weaknesses

Each CWE weakness type is scored (out of 100) by the proportion of its linked CVEs that are known to be under active exploitation; the score is then bucketed into a risk tier.

761 weaknesses scored · Page 2 of 8

Tier counts: critical-risk 2 · high-risk 1 · moderate-risk 11 · low-risk 747
Weakness Score Tier
Incorrect Conversion between Numeric Types 6/100 low-risk
Uncontrolled Resource Consumption 6/100 low-risk
External Control of File Name or Path 6/100 low-risk
Insufficient Resource Pool 6/100 low-risk
Double Free 6/100 low-risk
Incomplete List of Disallowed Inputs 6/100 low-risk
Integer Overflow or Wraparound 6/100 low-risk
Access of Uninitialized Pointer 6/100 low-risk
Improper Access Control 6/100 low-risk
Integer Underflow (Wrap or Wraparound) 6/100 low-risk
Incorrect Authorization 6/100 low-risk
Improper Neutralization of CRLF Sequences ('CRLF Injection') 6/100 low-risk
Numeric Truncation Error 6/100 low-risk
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 6/100 low-risk
CWE-310 (Cryptographic Issues; a CWE category rather than a single weakness) 6/100 low-risk
CWE-388 (7PK - Errors; a CWE category rather than a single weakness) 6/100 low-risk
Insufficiently Protected Credentials 6/100 low-risk
Buffer Underwrite ('Buffer Underflow') 6/100 low-risk
Use of Uninitialized Resource 5/100 low-risk
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 5/100 low-risk
Path Traversal: '/../filedir' 5/100 low-risk
Download of Code Without Integrity Check 5/100 low-risk
Return of Stack Variable Address 5/100 low-risk
Hidden Functionality 5/100 low-risk
Operation on a Resource after Expiration or Release 5/100 low-risk
Incorrect Permission Assignment for Critical Resource 5/100 low-risk
Time-of-check Time-of-use (TOCTOU) Race Condition 5/100 low-risk
Out-of-bounds Read 5/100 low-risk
Privilege Context Switching Error 5/100 low-risk
Observable Discrepancy 5/100 low-risk
Incorrect Comparison 5/100 low-risk
Path Traversal: '.../...//' 5/100 low-risk
Externally Controlled Reference to a Resource in Another Sphere 5/100 low-risk
Untrusted Pointer Dereference 5/100 low-risk
External Control of Assumed-Immutable Web Parameter 5/100 low-risk
Missing XML Validation 5/100 low-risk
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 5/100 low-risk
Improper Handling of Exceptional Conditions 5/100 low-risk
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 5/100 low-risk
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 4/100 low-risk
Use of a One-Way Hash with a Predictable Salt 4/100 low-risk
Reachable Assertion 4/100 low-risk
Incorrectly Specified Destination in a Communication Channel 4/100 low-risk
Improper Handling of Missing Values 4/100 low-risk
Placement of User into Incorrect Group 4/100 low-risk
Missing Authorization 4/100 low-risk
Incorrect Resource Transfer Between Spheres 4/100 low-risk
Improper Verification of Cryptographic Signature 4/100 low-risk
Uncontrolled Recursion 4/100 low-risk
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 4/100 low-risk
Incorrect Regular Expression 4/100 low-risk
CWE-275 (Permission Issues; a CWE category rather than a single weakness) 4/100 low-risk
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') 4/100 low-risk
Path Traversal: '../filedir' 4/100 low-risk
Unverified Password Change 4/100 low-risk
Improper Neutralization of Formula Elements in a CSV File 4/100 low-risk
Insufficient Entropy 4/100 low-risk
Use of Weak Credentials 3/100 low-risk
CWE-16 (Configuration; a CWE category rather than a single weakness) 3/100 low-risk
Origin Validation Error 3/100 low-risk
Trust Boundary Violation 3/100 low-risk
Use of Password Hash Instead of Password for Authentication 3/100 low-risk
Improper Resource Shutdown or Release 3/100 low-risk
Improper Check for Unusual or Exceptional Conditions 3/100 low-risk
Improper Restriction of Security Token Assignment 3/100 low-risk
Unprotected Primary Channel 3/100 low-risk
Improper Filtering of Special Elements 3/100 low-risk
Use of Password Hash With Insufficient Computational Effort 3/100 low-risk
Improper Neutralization of Null Byte or NUL Character 3/100 low-risk
Improper Preservation of Permissions 3/100 low-risk
Loop with Unreachable Exit Condition ('Infinite Loop') 3/100 low-risk
Active Debug Code 3/100 low-risk
NULL Pointer Dereference 3/100 low-risk
Exposure of Private Personal Information to an Unauthorized Actor 3/100 low-risk
Use of Insufficiently Random Values 3/100 low-risk
Generation of Error Message Containing Sensitive Information 3/100 low-risk
Inappropriate Encoding for Output Context 3/100 low-risk
Improper Neutralization 3/100 low-risk
Session Fixation 3/100 low-risk
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 3/100 low-risk
Use of Hard-coded Cryptographic Key 3/100 low-risk
Improper Restriction of Excessive Authentication Attempts 3/100 low-risk
Missing Release of Resource after Effective Lifetime 3/100 low-risk
Allocation of Resources Without Limits or Throttling 3/100 low-risk
Inadequate Encryption Strength 3/100 low-risk
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') 3/100 low-risk
Untrusted Search Path 3/100 low-risk
Buffer Over-read 3/100 low-risk
Incorrect Implementation of Authentication Algorithm 3/100 low-risk
Improper Validation of Specified Type of Input 2/100 low-risk
Execution After Redirect (EAR) 2/100 low-risk
Improper Control of a Resource Through its Lifetime 2/100 low-risk
Incorrect Check of Function Return Value 2/100 low-risk
Privilege Defined With Unsafe Actions 2/100 low-risk
Unchecked Return Value 2/100 low-risk
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') 2/100 low-risk
Improper Isolation or Compartmentalization 2/100 low-risk
Divide By Zero 2/100 low-risk
Logging of Excessive Data 2/100 low-risk
Race Condition within a Thread 2/100 low-risk