CWE dictionary
CWEid
Name
 
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-264
Permissions, Privileges, and Access Controls
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-20
Improper Input Validation
CWE-200
Information Exposure
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-287
Improper Authentication
CWE-399
Resource Management Errors
CWE-189
Numeric Errors
CWE-592
Authentication Bypass Issues
CWE-310
Cryptographic Issues
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-16
Configuration
CWE-284
Improper Access Control
CWE-134
Uncontrolled Format String
CWE-476
NULL Pointer Dereference
CWE-255
Credentials Management
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-121
Stack-based Buffer Overflow
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-285
Improper Authorization
CWE-269
Improper Privilege Management
CWE-306
Missing Authentication for Critical Function
CWE-276
Incorrect Default Permissions
CWE-23
Relative Path Traversal
CWE-321
Use of Hard-coded Cryptographic Key
CWE-611
Information Exposure Through XML External Entity Reference
CWE-502
Deserialization of Untrusted Data
CWE-538
File and Directory Information Exposure
CWE-319
Cleartext Transmission of Sensitive Information
CWE-522
Insufficiently Protected Credentials
CWE-123
Write-what-where Condition
CWE-427
Uncontrolled Search Path Element
CWE-428
Unquoted Search Path or Element
CWE-73
External Control of File Name or Path
CWE-345
Insufficient Verification of Data Authenticity
CWE-862
Missing Authorization
CWE-250
Execution with Unnecessary Privileges
CWE-259
Use of Hard-coded Password
CWE-266
Incorrect Privilege Assignment
CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122
Heap-based Buffer Overflow
CWE-190
Integer Overflow or Wraparound
CWE-863
Incorrect Authorization
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-548
Information Exposure Through Directory Listing
CWE-295
Certificate Issues
CWE-312
Cleartext Storage of Sensitive Information
CWE-598
Information Exposure Through Query Strings in GET Request
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-384
Session Fixation

Copyright 2024, cxsecurity.com

 

Back to Top