Weaknesses

CWE weakness types scored by proportion of linked CVEs with active exploitation.

761 weaknesses scored · Page 7 of 8

critical-risk: 2
high-risk: 1
moderate-risk: 11
low-risk: 747

Weakness Score Tier
Improper Neutralization of Special Elements 0/100 low-risk
Improper Handling of Physical or Environmental Conditions 0/100 low-risk
Missing Origin Validation in WebSockets 0/100 low-risk
Insecure Operation on Windows Junction / Mount Point 0/100 low-risk
Incorrect Parsing of Numbers with Different Radices 0/100 low-risk
Weak Authentication 0/100 low-risk
Use of Default Credentials 0/100 low-risk
Use of Default Cryptographic Key 0/100 low-risk
Compiler Removal of Code to Clear Buffers 0/100 low-risk
Improper Neutralization of Delimiters 0/100 low-risk
Improper Neutralization of Parameter/Argument Delimiters 0/100 low-risk
Improper Neutralization of Value Delimiters 0/100 low-risk
Improper Neutralization of Expression/Command Delimiters 0/100 low-risk
Improper Neutralization of Input Terminators 0/100 low-risk
Improper Neutralization of Input Leaders 0/100 low-risk
Improper Neutralization of Substitution Characters 0/100 low-risk
Improper Neutralization of Variable Name Delimiters 0/100 low-risk
Improper Neutralization of Wildcards or Matching Symbols 0/100 low-risk
Improper Neutralization of Whitespace 0/100 low-risk
Failure to Sanitize Paired Delimiters 0/100 low-risk
Improper Handling of Invalid Use of Special Elements 0/100 low-risk
Improper Neutralization of Internal Special Elements 0/100 low-risk
Improper Handling of Additional Special Element 0/100 low-risk
Improper Handling of Inconsistent Special Elements 0/100 low-risk
Encoding Error 0/100 low-risk
Improper Handling of Alternate Encoding 0/100 low-risk
Improper Handling of URL Encoding (Hex Encoding) 0/100 low-risk
Incorrect Behavior Order: Early Validation 0/100 low-risk
Incorrect Behavior Order: Validate Before Canonicalize 0/100 low-risk
Collapse of Data into Unsafe Value 0/100 low-risk
Permissive List of Allowed Inputs 0/100 low-risk
Overly Restrictive Regular Expression 0/100 low-risk
Partial String Comparison 0/100 low-risk
Reliance on Data/Memory Layout 0/100 low-risk
Integer Coercion Error 0/100 low-risk
Unexpected Sign Extension 0/100 low-risk
Unsigned to Signed Conversion Error 0/100 low-risk
Use of Incorrect Byte Ordering 0/100 low-risk
Exposure of Sensitive Information Through Data Queries 0/100 low-risk
Observable Behavioral Discrepancy With Equivalent Products 0/100 low-risk
Observable Timing Discrepancy 0/100 low-risk
Self-generated Error Message Containing Sensitive Information 0/100 low-risk
Improper Removal of Sensitive Information Before Storage or Transfer 0/100 low-risk
Exposure of Sensitive Information Due to Incompatible Policies 0/100 low-risk
Invocation of Process Using Visible Sensitive Information 0/100 low-risk
Insertion of Sensitive Information Into Debugging Code 0/100 low-risk
DEPRECATED: Containment Errors (Container Errors) 0/100 low-risk
Omission of Security-relevant Information 0/100 low-risk
Sensitive Information in Resource Not Removed Before Reuse 0/100 low-risk
Improper Handling of Syntactically Invalid Structure 0/100 low-risk
Improper Handling of Values 0/100 low-risk
Improper Handling of Extra Values 0/100 low-risk
Improper Handling of Undefined Values 0/100 low-risk
Failure to Handle Missing Parameter 0/100 low-risk
Improper Handling of Extra Parameters 0/100 low-risk
Improper Handling of Structural Elements 0/100 low-risk
Failure to Handle Incomplete Element 0/100 low-risk
Improper Handling of Inconsistent Structural Elements 0/100 low-risk
Improper Handling of Unexpected Data Type 0/100 low-risk
Use of Inherently Dangerous Function 0/100 low-risk
Improper Clearing of Heap Memory Before Release ('Heap Inspection') 0/100 low-risk
DEPRECATED: Often Misused: Path Manipulation 0/100 low-risk
Plaintext Storage of a Password 0/100 low-risk
Storing Passwords in a Recoverable Format 0/100 low-risk
Empty Password in Configuration File 0/100 low-risk
Path Traversal: '/dir/../filename' 0/100 low-risk
Weak Encoding for Password 0/100 low-risk
Not Using Password Aging 0/100 low-risk
Password Aging with Long Expiration 0/100 low-risk
Privilege Dropping / Lowering Errors 0/100 low-risk
Least Privilege Violation 0/100 low-risk
Improper Handling of Insufficient Privileges 0/100 low-risk
Insecure Preserved Inherited Permissions 0/100 low-risk
Incorrect Execution-Assigned Permissions 0/100 low-risk
Path Traversal: '..\filedir' 0/100 low-risk
Improper Handling of Insufficient Permissions or Privileges 0/100 low-risk
Authentication Bypass by Alternate Name 0/100 low-risk
Reliance on IP Address for Authentication 0/100 low-risk
DEPRECATED: Trusting Self-reported DNS Name 0/100 low-risk
Using Referer Field for Authentication 0/100 low-risk
Improper Following of a Certificate's Chain of Trust 0/100 low-risk
Improper Validation of Certificate with Host Mismatch 0/100 low-risk
Improper Validation of Certificate Expiration 0/100 low-risk
Improper Check for Certificate Revocation 0/100 low-risk
Path Traversal: '\dir\..\filename' 0/100 low-risk
Reflection Attack in an Authentication Protocol 0/100 low-risk
Missing Critical Step in Authentication 0/100 low-risk
Use of Single-factor Authentication 0/100 low-risk
Use of Password System for Primary Authentication 0/100 low-risk
Missing Encryption of Sensitive Data 0/100 low-risk
Cleartext Storage in a File or on Disk 0/100 low-risk
Cleartext Storage in the Registry 0/100 low-risk
Cleartext Storage of Sensitive Information in a Cookie 0/100 low-risk
Cleartext Storage of Sensitive Information in GUI 0/100 low-risk
Cleartext Storage of Sensitive Information in Executable 0/100 low-risk
Key Exchange without Entity Authentication 0/100 low-risk
Reusing a Nonce, Key Pair in Encryption 0/100 low-risk
Use of a Key Past its Expiration Date 0/100 low-risk
Missing Cryptographic Step 0/100 low-risk
Use of Weak Hash 0/100 low-risk