Weakness browsing - CVE-Search

CWE ID	Description
CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99	Improper Control of Resource Identifiers ('Resource Injection')
CWE-114	Process Control
CWE-116	Improper Encoding or Escaping of Output
CWE-118	Incorrect Access of Indexable Resource ('Range Error')
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-138	Improper Neutralization of Special Elements
CWE-159	Improper Handling of Invalid Use of Special Elements
CWE-172	Encoding Error
CWE-185	Incorrect Regular Expression
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-221	Information Loss or Omission
CWE-228	Improper Handling of Syntactically Invalid Structure
CWE-269	Improper Privilege Management
CWE-271	Privilege Dropping / Lowering Errors
CWE-282	Improper Ownership Management
CWE-285	Improper Authorization
CWE-286	Incorrect User Management
CWE-287	Improper Authentication
CWE-300	Channel Accessible by Non-Endpoint
CWE-311	Missing Encryption of Sensitive Data
CWE-326	Inadequate Encryption Strength
CWE-327	Use of a Broken or Risky Cryptographic Algorithm
CWE-330	Use of Insufficiently Random Values
CWE-340	Generation of Predictable Numbers or Identifiers
CWE-345	Insufficient Verification of Data Authenticity
CWE-346	Origin Validation Error
CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-377	Insecure Temporary File
CWE-400	Uncontrolled Resource Consumption
CWE-402	Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-404	Improper Resource Shutdown or Release
CWE-405	Asymmetric Resource Consumption (Amplification)
CWE-406	Insufficient Control of Network Message Volume (Network Amplification)
CWE-407	Inefficient Algorithmic Complexity
CWE-424	Improper Protection of Alternate Path
CWE-436	Interpretation Conflict
CWE-441	Unintended Proxy or Intermediary ('Confused Deputy')
CWE-446	UI Discrepancy for Security Feature
CWE-451	User Interface (UI) Misrepresentation of Critical Information
CWE-506	Embedded Malicious Code
CWE-514	Covert Channel
CWE-522	Insufficiently Protected Credentials
CWE-573	Improper Following of Specification by Caller
CWE-602	Client-Side Enforcement of Server-Side Security
CWE-610	Externally Controlled Reference to a Resource in Another Sphere
CWE-636	Not Failing Securely ('Failing Open')
CWE-637	Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-638	Not Using Complete Mediation
CWE-642	External Control of Critical State Data
CWE-653	Improper Isolation or Compartmentalization
CWE-655	Insufficient Psychological Acceptability
CWE-656	Reliance on Security Through Obscurity
CWE-657	Violation of Secure Design Principles
CWE-662	Improper Synchronization
CWE-665	Improper Initialization
CWE-666	Operation on Resource in Wrong Phase of Lifetime
CWE-667	Improper Locking
CWE-668	Exposure of Resource to Wrong Sphere
CWE-669	Incorrect Resource Transfer Between Spheres
CWE-670	Always-Incorrect Control Flow Implementation
CWE-671	Lack of Administrator Control over Security
CWE-672	Operation on a Resource after Expiration or Release
CWE-673	External Influence of Sphere Definition
CWE-674	Uncontrolled Recursion
CWE-675	Multiple Operations on Resource in Single-Operation Context
CWE-684	Incorrect Provision of Specified Functionality
CWE-696	Incorrect Behavior Order
CWE-704	Incorrect Type Conversion or Cast
CWE-705	Incorrect Control Flow Scoping
CWE-706	Use of Incorrectly-Resolved Name or Reference
CWE-732	Incorrect Permission Assignment for Critical Resource
CWE-754	Improper Check for Unusual or Exceptional Conditions
CWE-755	Improper Handling of Exceptional Conditions
CWE-758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-790	Improper Filtering of Special Elements
CWE-799	Improper Control of Interaction Frequency
CWE-834	Excessive Iteration
CWE-862	Missing Authorization
CWE-863	Incorrect Authorization
CWE-909	Missing Initialization of Resource
CWE-912	Hidden Functionality
CWE-913	Improper Control of Dynamically-Managed Code Resources
CWE-922	Insecure Storage of Sensitive Information
CWE-923	Improper Restriction of Communication Channel to Intended Endpoints
CWE-943	Improper Neutralization of Special Elements in Data Query Logic
CWE-1023	Incomplete Comparison with Missing Factors
CWE-1038	Insecure Automated Optimizations
CWE-1039	Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
CWE-1059	Insufficient Technical Documentation
CWE-1061	Insufficient Encapsulation
CWE-1076	Insufficient Adherence to Expected Conventions
CWE-1078	Inappropriate Source Code Style or Formatting
CWE-1093	Excessively Complex Data Representation
CWE-1120	Excessive Code Complexity
CWE-1164	Irrelevant Code
CWE-1176	Inefficient CPU Computation
CWE-1177	Use of Prohibited Code
CWE-1229	Creation of Emergent Resource
CWE-1263	Improper Physical Access Control
CWE-1294	Insecure Security Identifier Mechanism
CWE-1357	Reliance on Insufficiently Trustworthy Component
CWE-1384	Improper Handling of Physical or Environmental Conditions
CWE-1390	Weak Authentication
CWE-1391	Use of Weak Credentials
CWE-1395	Dependency on Vulnerable Third-Party Component
CWE-1419	Incorrect Initialization of Resource

CWE-20

Improper Input Validation

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-75

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CWE-114

Process Control

CWE-116

Improper Encoding or Escaping of Output

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-138

Improper Neutralization of Special Elements

CWE-159

Improper Handling of Invalid Use of Special Elements

CWE-172

Encoding Error

CWE-185

Incorrect Regular Expression

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-221

Information Loss or Omission

CWE-228

Improper Handling of Syntactically Invalid Structure

CWE-269

Improper Privilege Management

CWE-271

Privilege Dropping / Lowering Errors

CWE-282

Improper Ownership Management

CWE-285

Improper Authorization

CWE-286

Incorrect User Management

CWE-287

Improper Authentication

CWE-300

Channel Accessible by Non-Endpoint

CWE-311

Missing Encryption of Sensitive Data

CWE-326

Inadequate Encryption Strength

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-330

Use of Insufficiently Random Values

CWE-340

Generation of Predictable Numbers or Identifiers

CWE-345

Insufficient Verification of Data Authenticity

CWE-346

Origin Validation Error

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-377

Insecure Temporary File

CWE-400

Uncontrolled Resource Consumption

CWE-402

Transmission of Private Resources into a New Sphere ('Resource Leak')

CWE-404

Improper Resource Shutdown or Release

CWE-405

Asymmetric Resource Consumption (Amplification)

CWE-406

Insufficient Control of Network Message Volume (Network Amplification)

CWE-407

Inefficient Algorithmic Complexity

CWE-424

Improper Protection of Alternate Path

CWE-436

Interpretation Conflict

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

CWE-446

UI Discrepancy for Security Feature

CWE-451

User Interface (UI) Misrepresentation of Critical Information

CWE-506

Embedded Malicious Code

CWE-514

Covert Channel

CWE-522

Insufficiently Protected Credentials

CWE-573

Improper Following of Specification by Caller

CWE-602

Client-Side Enforcement of Server-Side Security

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-636

Not Failing Securely ('Failing Open')

CWE-637

Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')

CWE-638

Not Using Complete Mediation

CWE-642

External Control of Critical State Data

CWE-653

Improper Isolation or Compartmentalization

CWE-655

Insufficient Psychological Acceptability

CWE-656

Reliance on Security Through Obscurity

CWE-657

Violation of Secure Design Principles

CWE-662

Improper Synchronization

CWE-665

Improper Initialization

CWE-666

Operation on Resource in Wrong Phase of Lifetime

CWE-667

Improper Locking

CWE-668

Exposure of Resource to Wrong Sphere

CWE-669

Incorrect Resource Transfer Between Spheres

CWE-670

Always-Incorrect Control Flow Implementation

CWE-671

Lack of Administrator Control over Security

CWE-672

Operation on a Resource after Expiration or Release

CWE-673

External Influence of Sphere Definition

CWE-674

Uncontrolled Recursion

CWE-675

Multiple Operations on Resource in Single-Operation Context

CWE-684

Incorrect Provision of Specified Functionality

CWE-696

Incorrect Behavior Order

CWE-704

Incorrect Type Conversion or Cast

CWE-705

Incorrect Control Flow Scoping

CWE-706

Use of Incorrectly-Resolved Name or Reference

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-755

Improper Handling of Exceptional Conditions

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CWE-790

Improper Filtering of Special Elements

CWE-799

Improper Control of Interaction Frequency

CWE-834

Excessive Iteration

CWE-862

Missing Authorization

CWE-863

Incorrect Authorization

CWE-909

Missing Initialization of Resource

CWE-912

Hidden Functionality

CWE-913

Improper Control of Dynamically-Managed Code Resources

CWE-922

Insecure Storage of Sensitive Information

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

CWE-1023

Incomplete Comparison with Missing Factors

CWE-1038

Insecure Automated Optimizations

CWE-1039

Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations

CWE-1059

Insufficient Technical Documentation

CWE-1061

Insufficient Encapsulation

CWE-1076

Insufficient Adherence to Expected Conventions

CWE-1078

Inappropriate Source Code Style or Formatting

CWE-1093

Excessively Complex Data Representation

CWE-1120

Excessive Code Complexity

CWE-1164

Irrelevant Code

CWE-1176

Inefficient CPU Computation

CWE-1177

Use of Prohibited Code

CWE-1229

Creation of Emergent Resource

CWE-1263

Improper Physical Access Control

CWE-1294

Insecure Security Identifier Mechanism

CWE-1357

Reliance on Insufficiently Trustworthy Component

CWE-1384

Improper Handling of Physical or Environmental Conditions

CWE-1390

Weak Authentication

CWE-1391

Use of Weak Credentials

CWE-1395

Dependency on Vulnerable Third-Party Component

CWE-1419

Incorrect Initialization of Resource