CWE Database

Browse 969 weakness types

Pillar

10 weaknesses

ID | Name | Status
CWE-284 | Improper Access Control | Incomplete
CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Draft
CWE-664 | Improper Control of a Resource Through its Lifetime | Draft
CWE-682 | Incorrect Calculation | Draft
CWE-691 | Insufficient Control Flow Management | Draft
CWE-693 | Protection Mechanism Failure | Draft
CWE-697 | Incorrect Comparison | Incomplete
CWE-703 | Improper Check or Handling of Exceptional Conditions | Incomplete
CWE-707 | Improper Neutralization | Incomplete
CWE-710 | Improper Adherence to Coding Standards | Incomplete

Class

114 weaknesses

ID | Name | Status
CWE-1023 | Incomplete Comparison with Missing Factors | Incomplete
CWE-1038 | Insecure Automated Optimizations | Draft
CWE-1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism | Incomplete
CWE-1059 | Insufficient Technical Documentation | Incomplete
CWE-1061 | Insufficient Encapsulation | Incomplete
CWE-1076 | Insufficient Adherence to Expected Conventions | Incomplete
CWE-1078 | Inappropriate Source Code Style or Formatting | Incomplete
CWE-1093 | Excessively Complex Data Representation | Incomplete
CWE-1120 | Excessive Code Complexity | Incomplete
CWE-114 | Process Control | Incomplete
CWE-116 | Improper Encoding or Escaping of Output | Draft
CWE-1164 | Irrelevant Code | Incomplete
CWE-1176 | Inefficient CPU Computation | Incomplete
CWE-1177 | Use of Prohibited Code | Incomplete
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | Incomplete
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Stable
CWE-1229 | Creation of Emergent Resource | Incomplete
CWE-1263 | Improper Physical Access Control | Incomplete
CWE-1294 | Insecure Security Identifier Mechanism | Incomplete
CWE-1357 | Reliance on Insufficiently Trustworthy Component | Incomplete

Showing 20 of 114 class weaknesses

Base

539 weaknesses

ID | Name | Status
CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User | Incomplete
CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | Incomplete
CWE-1024 | Comparison of Incompatible Types | Incomplete
CWE-1025 | Comparison Using Wrong Factors | Incomplete
CWE-1037 | Processor Optimization Removal or Modification of Security-critical Code | Incomplete
CWE-1041 | Use of Redundant Code | Incomplete
CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Incomplete
CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | Incomplete
CWE-1045 | Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor | Incomplete
CWE-1046 | Creation of Immutable Text Using String Concatenation | Incomplete
CWE-1047 | Modules with Circular Dependencies | Incomplete
CWE-1048 | Invokable Control Element with Large Number of Outward Calls | Incomplete
CWE-1049 | Excessive Data Query Operations in a Large Data Table | Incomplete
CWE-1050 | Excessive Platform Resource Consumption within a Loop | Incomplete
CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | Incomplete
CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | Incomplete
CWE-1053 | Missing Documentation for Design | Incomplete
CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Incomplete
CWE-1055 | Multiple Inheritance from Concrete Classes | Incomplete
CWE-1056 | Invokable Control Element with Variadic Parameters | Incomplete

Showing 20 of 539 base weaknesses

Variant

299 weaknesses

ID | Name | Status
CWE-1004 | Sensitive Cookie Without 'HttpOnly' Flag | Incomplete
CWE-102 | Struts: Duplicate Validation Forms | Incomplete
CWE-1022 | Use of Web Link to Untrusted Target with window.opener Access | Incomplete
CWE-103 | Struts: Incomplete validate() Method Definition | Draft
CWE-104 | Struts: Form Bean Does Not Extend Validation Class | Draft
CWE-1042 | Static Member Data Element outside of a Singleton Class Element | Incomplete
CWE-105 | Struts: Form Field Without Validator | Draft
CWE-106 | Struts: Plug-in Framework not in Use | Draft
CWE-1069 | Empty Exception Block | Incomplete
CWE-107 | Struts: Unused Validation Form | Draft
CWE-1077 | Floating Point Comparison with Incorrect Operator | Incomplete
CWE-108 | Struts: Unvalidated Action Form | Incomplete
CWE-109 | Struts: Validator Turned Off | Draft
CWE-1096 | Singleton Class Instance Creation without Proper Locking or Synchronization | Incomplete
CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Draft
CWE-110 | Struts: Validator Without Form Field | Draft
CWE-111 | Direct Use of Unsafe JNI | Draft
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | Incomplete
CWE-1174 | ASP.NET Misconfiguration: Improper Model Validation | Draft
CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | Draft

Showing 20 of 299 variant weaknesses

Compound

7 weaknesses

ID | Name | Status
CWE-352 | Cross-Site Request Forgery (CSRF) | Stable
CWE-384 | Session Fixation | Incomplete
CWE-61 | UNIX Symbolic Link (Symlink) Following | Incomplete
CWE-680 | Integer Overflow to Buffer Overflow | Draft
CWE-689 | Permission Race Condition During Resource Copy | Draft
CWE-690 | Unchecked Return Value to NULL Pointer Dereference | Draft
CWE-692 | Incomplete Denylist to Cross-Site Scripting | Draft