logo

View: Weaknesses Introduced During Implementation

Incomplete
Type: Implicit
Objective

This view (slice) lists weaknesses that can be introduced during implementation.

Membership
IDNameDescription
CWE-1004Sensitive Cookie Without 'HttpOnly' FlagThis vulnerability occurs when an application stores sensitive data in a cookie but fails to set the 'HttpOnly' flag, leaving the cookie accessible to client-side scripts.
CWE-1007Insufficient Visual Distinction of Homoglyphs Presented to UserThis vulnerability occurs when an application shows text or symbols to users without clearly distinguishing between characters that look identical or very similar (called homoglyphs). Because users can't easily tell these characters apart, they might misinterpret information and accidentally perform unsafe actions, like clicking a malicious link.
CWE-102Struts: Duplicate Validation FormsThis vulnerability occurs when an application defines multiple Struts validation forms with identical names. The framework then unpredictably selects only one form for validation, potentially bypassing intended security checks.
CWE-1021Improper Restriction of Rendered UI Layers or FramesThis vulnerability occurs when a web application fails to properly control whether its pages can be embedded within frames or UI layers from other websites, potentially misleading users about which site they are interacting with.
CWE-1022Use of Web Link to Untrusted Target with window.opener AccessThis vulnerability occurs when a web application links to an external, untrusted site without protecting its own window from being manipulated by that site. Specifically, it fails to prevent the external page from altering security-sensitive properties of the `window.opener` object, such as the page's location.
CWE-1023Incomplete Comparison with Missing FactorsThis weakness occurs when a program compares two items but fails to check all the necessary attributes that define their true relationship. The incomplete check can cause the software to treat different items as identical or make incorrect security decisions.
CWE-1024Comparison of Incompatible TypesThis vulnerability occurs when code directly compares two values of fundamentally different data types, which can lead to unreliable or incorrect results because the comparison logic doesn't handle the type mismatch properly.
CWE-1025Comparison Using Wrong FactorsThis weakness occurs when a program compares two items but checks the wrong properties or attributes. This flawed comparison leads to incorrect decisions, creating security and logic errors.
CWE-103Struts: Incomplete validate() Method DefinitionThis vulnerability occurs in a Struts application when a validator form either completely omits a validate() method or includes one but fails to call super.validate() within it.
CWE-1039Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition MechanismThis vulnerability occurs when a system uses automated AI or machine learning to classify complex inputs like images, audio, or text, but fails to correctly identify or process inputs that have been deliberately altered. Attackers can exploit this by crafting subtle modifications that cause the system to misclassify the input, leading to incorrect and potentially harmful decisions.
CWE-104Struts: Form Bean Does Not Extend Validation ClassThis vulnerability occurs in Apache Struts applications when a form bean class does not properly extend the framework's validation class. This bypasses the built-in Validator framework, leaving the application without structured input validation and open to various injection and data manipulation attacks.
CWE-105Struts: Form Field Without ValidatorThis vulnerability occurs when a Struts application form contains an input field that lacks a corresponding validator, leaving it open to unverified user input.
CWE-106Struts: Plug-in Framework not in UseThis weakness occurs when a Java application, particularly one using the Struts framework, does not implement a structured input validation plugin like the Struts Validator. Skipping this framework forces developers to write custom validation logic, which is often error-prone and increases the risk of security flaws from improperly handled user input.
CWE-1068Inconsistency Between Implementation and Documented DesignThis weakness occurs when the actual code implementation deviates from the intended design described in its official documentation, creating a mismatch between how the system is supposed to work and how it actually does.
CWE-107Struts: Unused Validation FormThis vulnerability occurs when a Struts application contains validation form definitions that are no longer linked to any active form or action, leaving outdated security rules in the codebase.
CWE-108Struts: Unvalidated Action FormIn Apache Struts, every Action Form that processes user input must have a corresponding validation form configured. Missing this validation exposes the application to unvalidated data.
CWE-109Struts: Validator Turned OffThis vulnerability occurs when an application built with Apache Struts intentionally disables its built-in validation framework. By turning off the Struts Validator bean, developers remove critical automatic input filtering and custom validation rules, leaving the application unprotected against malicious or malformed data.
CWE-11ASP.NET Misconfiguration: Creating Debug BinaryDeploying an ASP.NET application with debug binaries enabled exposes detailed system information, which attackers can use to map your infrastructure and plan targeted exploits.
CWE-110Struts: Validator Without Form FieldThis vulnerability occurs when a Struts application's validation configuration file references form fields that no longer exist in the corresponding ActionForm class. This mismatch indicates outdated validation logic that can fail to properly check user input.
CWE-111Direct Use of Unsafe JNIThis weakness occurs when a Java application directly calls native code through the Java Native Interface (JNI), exposing the entire application to security risks present in that external code, even if Java itself is safe from those specific flaws.
CWE-112Missing XML ValidationThis vulnerability occurs when an application processes XML data from an untrusted source without first validating its structure and content against a defined schema.
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')This vulnerability occurs when an application accepts user-supplied data and includes it directly in HTTP headers without properly filtering out carriage return (CR) and line feed (LF) characters. This allows an attacker to inject new headers or split a single HTTP response into two separate responses, corrupting the intended communication flow.
CWE-114Process ControlProcess Control vulnerabilities occur when an application executes commands or loads libraries from an untrusted source or environment, allowing an attacker to run malicious code.
CWE-115Misinterpretation of InputThis vulnerability occurs when software incorrectly interprets or processes input data, leading to unintended and potentially harmful security consequences. The flawed interpretation can come from user-provided data, external systems, or other components.
CWE-116Improper Encoding or Escaping of OutputThis vulnerability occurs when an application builds a structured message—like a query, command, or request—for another component but fails to properly encode or escape user-supplied data. Because the output's structure isn't preserved, an attacker can inject malicious instructions that the receiving component will execute.
CWE-117Improper Output Neutralization for LogsThis vulnerability occurs when an application creates log entries using unvalidated external data, allowing attackers to inject malicious characters or commands that can corrupt log files, trigger parsing errors, or enable log injection attacks.
CWE-1173Improper Use of Validation FrameworkThis vulnerability occurs when a software application either fails to use or incorrectly implements a built-in or library-provided input validation framework.
CWE-1174ASP.NET Misconfiguration: Improper Model ValidationThis vulnerability occurs when an ASP.NET application either completely bypasses the built-in model validation system or implements it incorrectly, allowing untrusted data to flow into the application without proper checks.
CWE-1176Inefficient CPU ComputationThis weakness occurs when software uses inefficient algorithms or suboptimal CPU operations, performing unnecessary or overly complex calculations that waste processing power and slow down performance.
CWE-1177Use of Prohibited CodeThis vulnerability occurs when software incorporates a function, library, or third-party component that has been explicitly banned by the development team or the customer.
CWE-118Incorrect Access of Indexable Resource ('Range Error')This vulnerability occurs when software fails to properly check the boundaries of an indexed resource, like an array, buffer, or file, before accessing it. This allows reading from or writing to memory locations outside the intended range.
CWE-1189Improper Isolation of Shared Resources on System-on-a-Chip (SoC)This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and non-secure (untrusted) components.
CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferThis vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code.
CWE-1191On-Chip Debug and Test Interface With Improper Access ControlThis vulnerability occurs when a hardware chip's debug or test interface (like JTAG) lacks proper access controls. Without correct authorization checks, unauthorized users can read or modify sensitive internal registers and bypass the chip's built-in security protections.
CWE-1192Improper Identifier for IP Block used in System-On-Chip (SOC)This weakness occurs when a System-on-Chip (SoC) lacks a secure, unique, and permanent identifier for its internal hardware components (IP blocks). Without this, the system cannot reliably distinguish between different parts of the chip, leading to security and reliability failures.
CWE-12ASP.NET Misconfiguration: Missing Custom Error PageThis vulnerability occurs when an ASP.NET application fails to configure custom error pages, allowing attackers to extract sensitive information from the framework's default error messages.
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space.
CWE-1204Generation of Weak Initialization Vector (IV)This vulnerability occurs when software uses a weak or predictable Initialization Vector (IV) for cryptographic operations. Many encryption algorithms require IVs to be both unique and unpredictable to ensure security, and failing to meet these requirements can compromise the entire encryption process.
CWE-1209Failure to Disable Reserved BitsThis vulnerability occurs when reserved bits in a hardware design are left active in production. Designers sometimes use these bits for debugging or future features, but if not disabled, attackers can manipulate them to compromise the hardware's state.
CWE-121Stack-based Buffer OverflowA stack-based buffer overflow occurs when a program writes more data to a buffer located on the call stack than it can hold, corrupting adjacent memory and potentially hijacking the program's execution flow.
CWE-122Heap-based Buffer OverflowA heap-based buffer overflow occurs when a program writes more data to a memory buffer allocated in the heap than it can hold, corrupting adjacent memory structures. This typically involves buffers created with functions like malloc(), calloc(), or realloc().
CWE-1220Insufficient Granularity of Access ControlThis vulnerability occurs when a system's access controls are too broad, allowing unauthorized users or processes to read or modify sensitive resources. Instead of implementing precise, fine-grained permissions, the security policy uses overly permissive rules that fail to properly restrict access to critical assets like configuration data, keys, or system registers.
CWE-1221Incorrect Register Defaults or Module ParametersThis vulnerability occurs when hardware description language (HDL) code sets insecure default values for hardware registers or configurable module parameters. These hardcoded values leave the hardware in an unsafe state after a reset, creating a permanent security weakness that software cannot patch.
CWE-1224Improper Restriction of Write-Once Bit FieldsThis vulnerability occurs when hardware write-once protection mechanisms, often called 'sticky bits,' are incorrectly implemented, allowing software to reprogram them multiple times.
CWE-123Write-what-where ConditionA write-what-where condition occurs when an attacker can control both the data written and the exact memory location where it's written, often due to a severe memory corruption flaw like a buffer overflow.
CWE-1231Improper Prevention of Lock Bit ModificationThis vulnerability occurs when hardware or firmware uses a lock bit to protect critical system registers or memory regions, but fails to properly prevent that lock bit from being changed after it has been enabled. This design flaw allows attackers to bypass hardware-enforced security restrictions.
CWE-1232Improper Lock Behavior After Power State TransitionThis vulnerability occurs when a hardware lock bit, designed to protect critical system configuration registers, is improperly reset or becomes programmable after a device transitions between power states, such as entering or waking from a low-power sleep mode. This allows the protected configuration to be altered after it should be permanently locked.
CWE-1233Security-Sensitive Hardware Controls with Missing Lock Bit ProtectionThis vulnerability occurs when a hardware device uses a lock bit to protect critical configuration registers, but the lock fails to prevent writes to all registers that can alter the protected system settings. Essentially, the security mechanism is incomplete, allowing software to bypass it and modify sensitive hardware configurations.
CWE-1234Hardware Internal or Debug Modes Allow Override of LocksHardware debug modes or internal states can bypass critical system lock protections, allowing unauthorized changes to device configuration.
CWE-1235Incorrect Use of Autoboxing and Unboxing for Performance Critical OperationsThis weakness occurs when a program relies on automatic boxing and unboxing of primitive types within performance-sensitive code sections, causing unnecessary computational overhead and potential resource strain.
CWE-1236Improper Neutralization of Formula Elements in a CSV FileThis vulnerability occurs when an application writes user-supplied data into a CSV file without properly sanitizing special characters. Spreadsheet programs like Excel or Google Sheets interpret entries starting with '=' as executable formulas, which can lead to malicious command execution when the file is opened.
CWE-1239Improper Zeroization of Hardware RegisterThis vulnerability occurs when a hardware component fails to properly erase sensitive data from its internal registers before a new user or process gains access to the hardware block.
CWE-124Buffer Underwrite ('Buffer Underflow')A buffer underwrite, also known as buffer underflow, happens when a program writes data to a memory location before the official start of a buffer.
CWE-1240Use of a Cryptographic Primitive with a Risky ImplementationThis weakness occurs when a product uses a custom, unverified, or non-compliant implementation of a cryptographic algorithm instead of a trusted, standard solution.
CWE-1241Use of Predictable Algorithm in Random Number GeneratorThis vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.
CWE-1242Inclusion of Undocumented Features or Chicken BitsThis vulnerability occurs when a hardware device or chip includes undocumented configuration bits (often called 'chicken bits') or hidden features that can disable security controls or enable privileged functions.
CWE-1243Sensitive Non-Volatile Information Not Protected During DebugThis vulnerability occurs when security-critical data stored in hardware fuses is left unprotected and accessible during debug modes.
CWE-1244Internal Asset Exposed to Unsafe Debug Access Level or StateThis vulnerability occurs when a system's debug or test interface supports multiple access levels, but an internal asset is incorrectly assigned a permissive debug access level. This mistake allows untrusted debug agents to access sensitive internal assets they should not be able to reach.
CWE-1245Improper Finite State Machines (FSMs) in Hardware LogicThis vulnerability occurs when hardware logic contains flawed Finite State Machines (FSMs). Attackers can exploit these design errors to force the system into an undefined or unstable condition, potentially leading to a denial of service (DoS) or allowing privilege escalation.
CWE-1246Improper Write Handling in Limited-write Non-Volatile MemoriesThis vulnerability occurs when a system fails to properly manage write operations on memory hardware that has a limited lifespan, such as Flash or EEPROM. Without correct wear leveling, specific memory cells wear out faster than intended, leading to premature device failure.
CWE-1249Application-Level Admin Tool with Inconsistent View of Underlying Operating SystemThis vulnerability occurs when an administrative tool (like a web interface or API) fails to accurately display the true state of the underlying operating system it manages. The tool's view becomes inconsistent with reality, hiding critical resources like user accounts, processes, or files from the administrator.
CWE-125Out-of-bounds ReadAn out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it wasn't intended to see.
CWE-1253Incorrect Selection of Fuse ValuesThis vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An attacker can permanently force the system into an insecure mode simply by blowing the fuse, which flips its value to logic 1.
CWE-1254Incorrect Comparison Logic GranularityThis vulnerability occurs when a system compares sensitive data, like passwords or authentication tokens, piece-by-piece instead of as a complete unit. If the comparison stops at the first mismatch, attackers can measure tiny timing differences to gradually guess the correct value.
CWE-1255Comparison Logic is Vulnerable to Power Side-Channel AttacksThis vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
CWE-1256Improper Restriction of Software Interfaces to Hardware FeaturesThis vulnerability occurs when a system's software interfaces to hardware features—like power, clock, or performance management—are not properly locked down. This allows attackers to misuse these interfaces from software to tamper with hardware memory or registers, or to gather sensitive data by observing physical side effects, without needing physical access to the device.
CWE-1257Improper Access Control Applied to Mirrored or Aliased Memory RegionsThis vulnerability occurs when a hardware design maps the same physical memory to multiple addresses (aliasing or mirroring) but fails to apply consistent read/write permissions across all these addresses. An attacker blocked from accessing a protected memory region might still reach the same data through its unprotected aliased address, bypassing security controls.
CWE-1258Exposure of Sensitive System Information Due to Uncleared Debug InformationThis vulnerability occurs when hardware fails to erase sensitive data like cryptographic keys and intermediate values before entering debug mode, leaving them exposed.
CWE-1259Improper Restriction of Security Token AssignmentThis vulnerability occurs when a System-on-a-Chip (SoC) fails to properly secure its Security Token mechanism. These tokens control which actions different system components are allowed to perform, but inadequate protection allows them to be manipulated.
CWE-126Buffer Over-readThis vulnerability occurs when a program reads data from a memory buffer using an index or pointer that points beyond the buffer's allocated boundary, accessing unintended memory locations.
CWE-1260Improper Handling of Overlap Between Protected Memory RangesThis vulnerability occurs when a system incorrectly allows different memory protection ranges to overlap. This flaw can let attackers bypass security controls and access restricted memory areas.
CWE-1261Improper Handling of Single Event UpsetsThis vulnerability occurs when hardware logic fails to properly manage single-event upsets (SEUs), which are temporary bit flips caused by environmental factors.
CWE-1262Improper Access Control for Register InterfaceThis vulnerability occurs when a system's hardware registers, which act as a software-to-hardware control panel, lack proper access restrictions. Malicious or flawed software can directly manipulate these registers, leading to unauthorized changes in hardware behavior.
CWE-1264Hardware Logic with Insecure De-Synchronization between Control and Data ChannelsThis vulnerability occurs when a hardware design incorrectly forwards data before its security or permission checks have finished processing. It's a timing flaw where the data channel gets ahead of the control channel, potentially leaking information.
CWE-1266Improper Scrubbing of Sensitive Data from Decommissioned DeviceThis vulnerability occurs when a system lacks a reliable method for administrators to permanently erase sensitive information before taking hardware or software out of service. The data scrubbing feature might be missing, ineffective, or flawed, leaving confidential data behind.
CWE-1267Policy Uses Obsolete EncodingThis vulnerability occurs when a hardware system uses outdated or deprecated encoding methods to enforce security policies and access controls.
CWE-1268Policy Privileges are not Assigned Consistently Between Control and Data AgentsThis vulnerability occurs when hardware access control policies are inconsistent, allowing an agent with control privileges to modify write permissions even when it shouldn't have direct write access.
CWE-1269Product Released in Non-Release ConfigurationThis vulnerability occurs when a product ships to customers while still configured with its pre-production or manufacturing settings, which typically include powerful debugging and testing features not intended for real-world use.
CWE-127Buffer Under-readA buffer under-read occurs when a program attempts to read data from a memory location positioned before the start of an allocated buffer.
CWE-1270Generation of Incorrect Security TokensThis vulnerability occurs when a system's security token mechanism, designed to control permissions for different entities or agents, generates tokens that are fundamentally flawed or incorrect.
CWE-1271Uninitialized Value on Reset for Registers Holding Security SettingsSecurity-critical hardware registers start with random, unpredictable values when a device powers on or resets, creating an immediate vulnerability window before software can initialize them.
CWE-1275Sensitive Cookie with Improper SameSite AttributeThis vulnerability occurs when a sensitive cookie does not have a secure SameSite attribute configured, leaving it exposed to cross-site request forgery (CSRF) attacks.
CWE-1276Hardware Child Block Incorrectly Connected to Parent SystemThis vulnerability occurs when a hardware component (IP block) is wired incorrectly to the main system, creating hidden security flaws even if basic functions appear to work.
CWE-1277Firmware Not UpdateableThis vulnerability occurs when a hardware product lacks a mechanism for users to install firmware updates, leaving known security flaws permanently unpatched.
CWE-1279Cryptographic Operations are run Before Supporting Units are ReadyThis vulnerability occurs when cryptographic processes start before their required dependencies are properly initialized and ready to supply valid data, potentially compromising security.
CWE-128Wrap-around ErrorA wrap-around error happens when a variable exceeds the maximum value its data type can hold, causing it to unexpectedly reset to a very small, negative, or undefined number instead of increasing further.
CWE-1280Access Control Check Implemented After Asset is AccessedThis vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window.
CWE-1281Sequence of Processor Instructions Leads to Unexpected BehaviorCertain sequences of valid and invalid processor instructions can cause the CPU to lock up or behave unpredictably, often requiring a hard reset to recover.
CWE-1282Assumed-Immutable Data is Stored in Writable MemoryThis vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration settings—is placed in memory that can be rewritten or updated after deployment.
CWE-1283Mutable Attestation or Measurement Reporting DataThis vulnerability occurs when the hardware registers storing boot integrity measurements can be altered by an attacker, allowing them to forge verification data and hide a compromised boot process.
CWE-1284Improper Validation of Specified Quantity in InputThis vulnerability occurs when an application accepts user input meant to define a quantity—like a number, size, or count—but fails to properly check if that value is safe and reasonable before using it.
CWE-1285Improper Validation of Specified Index, Position, or Offset in InputThis vulnerability occurs when software accepts user input to determine a location—like an array index, file position, or memory offset—but fails to properly check if that location is safe and valid before using it.
CWE-1286Improper Validation of Syntactic Correctness of InputThis vulnerability occurs when software expects input in a specific, well-structured format but fails to properly check that the incoming data actually follows those rules.
CWE-1287Improper Validation of Specified Type of InputThis vulnerability occurs when software expects a specific type of data as input but fails to properly check that the incoming data actually matches that type.
CWE-1288Improper Validation of Consistency within InputThis vulnerability occurs when an application accepts structured input containing multiple related fields but fails to verify that the values across those fields are logically consistent with each other.
CWE-1289Improper Validation of Unsafe Equivalence in InputThis vulnerability occurs when an application accepts user input as a reference (like a file path or resource identifier) but fails to properly check if that input is functionally equivalent to a dangerous or restricted value.
CWE-129Improper Validation of Array IndexThis vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds.
CWE-1290Incorrect Decoding of Security Identifiers This vulnerability occurs when a hardware decoder incorrectly interprets security identifiers in bus transactions, allowing untrusted agents to gain unauthorized access to protected assets.
CWE-1291Public Key Re-Use for Signing both Debug and Production CodeThis vulnerability occurs when the same cryptographic key is used to sign both development/debug software builds and final production releases. This insecure practice allows debug versions, which often contain powerful diagnostic features, to be validated and run on live production systems.
CWE-1292Incorrect Conversion of Security IdentifiersThis vulnerability occurs when a hardware system incorrectly translates security identifiers during bus protocol conversion. An improper mapping allows untrusted agents to bypass security checks and gain unauthorized access to protected assets or functions.
CWE-1293Missing Source Correlation of Multiple Independent DataThis vulnerability occurs when a system trusts a single source of data without verification, making it impossible to detect if that source has been tampered with or compromised by an attacker.
CWE-1294Insecure Security Identifier MechanismThis vulnerability occurs when a System-on-Chip (SoC) implements a Security Identifier mechanism to control transaction permissions, but the implementation contains flaws that undermine its security.
CWE-1295Debug Messages Revealing Unnecessary InformationThe product's debug messages or logs expose excessive internal system details, potentially revealing sensitive information that could aid an attacker.
CWE-1296Incorrect Chaining or Granularity of Debug ComponentsThis vulnerability occurs when hardware debug components, such as test ports and scan chains, are incorrectly connected or organized within a chip's design. This misconfiguration can create unintended access paths, potentially exposing sensitive internal data or functions.
CWE-1297Unprotected Confidential Information on Device is Accessible by OSAT VendorsThis vulnerability occurs when a semiconductor chip does not properly secure sensitive data, making it accessible to third-party Outsourced Semiconductor Assembly and Test (OSAT) vendors during the manufacturing process.
CWE-1298Hardware Logic Contains Race ConditionsA hardware race condition occurs when security-critical logic circuits receive signals at slightly different times, creating temporary glitches that can bypass system protections.
CWE-1299Missing Protection Mechanism for Alternate Hardware InterfaceThis vulnerability occurs when a hardware component's security controls only protect the primary access path, leaving alternate interfaces unprotected. Attackers can bypass intended restrictions by accessing sensitive assets through these unguarded backdoors, such as shadow registers or other external-facing ports.
CWE-13ASP.NET Misconfiguration: Password in Configuration FileThis vulnerability occurs when an ASP.NET application stores passwords or other sensitive credentials in plaintext within configuration files like web.config. This exposes those credentials to anyone with file system access, effectively bypassing security controls and granting unauthorized access to protected resources.
CWE-130Improper Handling of Length Parameter InconsistencyThis vulnerability occurs when a program reads a structured data packet or message but fails to properly validate that the declared length field matches the actual amount of data provided.
CWE-1300Improper Protection of Physical Side ChannelsThis vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit measurable patterns in power usage, electromagnetic radiation, or even sound emissions to uncover sensitive information like encryption keys.
CWE-1301Insufficient or Incomplete Data Removal within Hardware ComponentThe product's data removal process fails to completely erase all data from hardware components, potentially leaving sensitive information behind.
CWE-1302Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)This vulnerability occurs when a System-On-Chip (SoC) component sends a transaction without its required security identifier. The destination hardware cannot properly verify permissions, leading to unintended access or system failure.
CWE-1303Non-Transparent Sharing of Microarchitectural ResourcesThis vulnerability occurs when a processor's internal performance features, like caches and branch predictors, are unintentionally shared between different software contexts. This breaks the expected isolation, allowing data to leak across security boundaries.
CWE-131Incorrect Calculation of Buffer SizeThis vulnerability occurs when a program miscalculates the amount of memory needed for a buffer, potentially leading to a buffer overflow that can crash the software or allow attackers to execute malicious code.
CWE-1310Missing Ability to Patch ROM CodeA system or System-on-Chip (SoC) lacks a mechanism to update its initial boot code stored in Read-Only Memory (ROM), permanently exposing devices to unfixable security vulnerabilities.
CWE-1311Improper Translation of Security Attributes by Fabric BridgeThis vulnerability occurs when a hardware bridge incorrectly converts security attributes between different fabric protocols, potentially changing a transaction's identity from trusted to untrusted or vice versa during protocol translation.
CWE-1312Missing Protection for Mirrored Regions in On-Chip Fabric FirewallAn on-chip fabric firewall fails to apply its security rules to mirrored memory or MMIO regions, only protecting the primary address range. This allows attackers to bypass read/write restrictions by targeting the unprotected mirrored copies.
CWE-1313Hardware Allows Activation of Test or Debug Logic at RuntimeThis vulnerability occurs when hardware includes test or debug features that remain accessible during normal operation. An attacker can activate these features at runtime to alter the hardware's state, bypass security controls, and potentially leak or manipulate sensitive data.
CWE-1314Missing Write Protection for Parametric Data ValuesThis vulnerability occurs when a hardware device fails to protect the scaling parameters used to convert raw sensor readings. Untrusted software can alter these conversion factors, making dangerous conditions appear safe and potentially leading to hardware damage or system failure.
CWE-1315Improper Setting of Bus Controlling Capability in Fabric End-pointThis vulnerability occurs when a hardware fabric endpoint is incorrectly configured to grant bus controller privileges to a device that should only respond to requests. This allows an unauthorized device to initiate and control data transactions across the system bus.
CWE-1316Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected RangesThis vulnerability occurs when a hardware fabric's address map incorrectly allows protected and unprotected memory regions to overlap. Attackers can exploit this overlap to bypass security controls and access restricted data or functions.
CWE-1317Improper Access Control in Fabric BridgeThis vulnerability occurs when a hardware fabric bridge, which connects different IP blocks on a chip, fails to properly verify access permissions for transactions passing through it. The bridge forwards requests without checking the master's privilege level or the hardware identity, effectively bypassing critical security controls.
CWE-1318Missing Support for Security Features in On-chip Fabrics or BusesThis vulnerability occurs when the communication channels (fabrics or buses) within a chip lack built-in or enabled security features, such as privilege separation or access controls, leaving data transfers unprotected.
CWE-1319Improper Protection against Electromagnetic Fault Injection (EM-FI)This vulnerability occurs when a hardware device lacks sufficient shielding against electromagnetic interference, allowing attackers to disrupt its internal operations. By inducing targeted electromagnetic pulses, an attacker can force the device to malfunction, potentially bypassing security checks or leaking sensitive data.
CWE-1320Improper Protection for Outbound Error Messages and Alert SignalsThis vulnerability occurs when hardware alert systems for critical conditions, like overheating or power surges, lack proper security. Untrusted software or agents can disable these warnings or trigger false alarms, preventing the system from taking protective actions.
CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Prototype pollution occurs when an application takes user-supplied input and uses it to improperly modify the properties of a JavaScript object's prototype. This allows attackers to inject key-value pairs into the base object, potentially altering the application's logic, crashing it, or escalating privileges.
CWE-1322Use of Blocking Code in Single-threaded, Non-blocking ContextThis vulnerability occurs when an application designed to be single-threaded and non-blocking, for performance and scalability, inadvertently executes code that can block the entire process. If an attacker can trigger this blocking code, it can cause the application to freeze, leading to a denial of service.
CWE-1323Improper Management of Sensitive Trace DataThis vulnerability occurs when sensitive trace data from a System-on-Chip (SoC), such as information from CPUs or cryptographic modules, is stored in unsecured memory or transmitted to unauthorized debuggers, potentially exposing confidential information.
CWE-1325Improperly Controlled Sequential Memory AllocationThis vulnerability occurs when a system allocates memory separately for each item in a collection but fails to enforce a global limit on the total memory used by all items combined.
CWE-1326Missing Immutable Root of Trust in HardwareThis vulnerability occurs when a hardware chip lacks a permanent, unchangeable root of trust. Without this immutable foundation, attackers can bypass secure boot protections and run unauthorized or malicious code during the system startup process.
CWE-1328Security Version Number Mutable to Older VersionsThis vulnerability occurs when a hardware system's security version number can be changed, allowing an attacker to downgrade or roll back the boot firmware to older, vulnerable versions.
CWE-1329Reliance on Component That is Not UpdateableThis vulnerability occurs when a product depends on a component that cannot be updated or patched to fix security flaws or critical bugs.
CWE-1330Remanent Data Readable after Memory EraseSensitive data stored in memory hardware can still be accessed or reconstructed even after a standard clear or erase command has been executed.
CWE-1331Improper Isolation of Shared Resources in Network On Chip (NoC)This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches, and channels—between trusted and untrusted components. This lack of isolation creates a timing side-channel, allowing untrusted agents to potentially infer sensitive data from trusted ones.
CWE-1332Improper Handling of Faults that Lead to Instruction SkipsThis vulnerability occurs when a hardware device lacks or incorrectly implements the necessary circuitry or sensors to detect and respond to the skipping of critical security instructions during CPU execution.
CWE-1333Inefficient Regular Expression ComplexityThis vulnerability occurs when an application uses a poorly constructed regular expression that can trigger catastrophic backtracking, leading to extreme CPU consumption and potential denial-of-service.
CWE-1334Unauthorized Error Injection Can Degrade Hardware RedundancyThis vulnerability occurs when an attacker without proper permissions can deliberately inject faults into a hardware system's backup components. This action disables the redundancy, forcing the system into a less secure, degraded state.
CWE-1335Incorrect Bitwise Shift of IntegerThis vulnerability occurs when a program attempts to shift an integer's bits by an invalid amount—either a negative number or a value equal to or greater than the integer's bit width (e.g., shifting a 32-bit integer by 32 or more places). This leads to unpredictable and platform-dependent results.
CWE-1336Improper Neutralization of Special Elements Used in a Template EngineThis vulnerability occurs when an application uses a template engine to process user-controlled input but fails to properly sanitize special syntax characters. Attackers can inject template expressions or directives that the engine executes, leading to unintended code execution.
CWE-1338Improper Protections Against Hardware OverheatingThis vulnerability occurs when a hardware device lacks sufficient safeguards to prevent dangerous temperature increases during operation.
CWE-1339Insufficient Precision or Accuracy of a Real NumberThis vulnerability occurs when a program uses a data type or algorithm that cannot accurately represent or calculate the fractional part of a real number, leading to incorrect results in security-critical operations.
CWE-134Use of Externally-Controlled Format StringThis vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a file) in a formatting function (e.g., printf, sprintf). An attacker can craft a malicious format string to read or write memory, potentially crashing the application or executing arbitrary code.
CWE-1341Multiple Releases of Same Resource or HandleThis vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close violates the API's contract and leads to unpredictable and often dangerous behavior.
CWE-135Incorrect Calculation of Multi-Byte String LengthThis vulnerability occurs when software incorrectly measures the length of strings containing multi-byte or wide characters, leading to buffer overflows, data corruption, or crashes.
CWE-1351Improper Handling of Hardware Behavior in Exceptionally Cold EnvironmentsThis weakness occurs when a hardware device or its firmware lacks proper safeguards to maintain security functions when operated in extremely cold temperatures. Designers may fail to anticipate how critical components, like memory or security primitives, behave outside their standard operating range, creating exploitable gaps.
CWE-138Improper Neutralization of Special ElementsThis vulnerability occurs when an application accepts external input but fails to properly sanitize special characters or syntax that have specific meanings in the target interpreter or protocol. This allows attackers to inject control elements that alter how downstream components process the data.
CWE-1385Missing Origin Validation in WebSocketsThis vulnerability occurs when a WebSocket connection is established without verifying the origin of incoming messages, allowing potentially malicious data from untrusted sources.
CWE-1386Insecure Operation on Windows Junction / Mount PointThis vulnerability occurs when a Windows application opens a file or directory without properly validating that the path is not a symbolic link (junction or mount point) pointing to a location outside the application's intended security boundary.
CWE-1389Incorrect Parsing of Numbers with Different RadicesThis vulnerability occurs when software processes numeric input expecting standard decimal numbers (base 10), but fails to handle inputs formatted in other bases like octal or hexadecimal. This mismatch leads to the system interpreting the same digits as a completely different numeric value.
CWE-1390Weak AuthenticationThis vulnerability occurs when a system's login or identity verification process is too easy to bypass or fool. While it attempts to check who a user claims to be, the checks are insufficient, allowing attackers to impersonate legitimate users.
CWE-1395Dependency on Vulnerable Third-Party ComponentThis vulnerability occurs when your software relies on an external library, framework, or module that contains known security flaws.
CWE-14Compiler Removal of Code to Clear BuffersA compiler optimization can remove security-critical code intended to wipe sensitive data from memory, leaving secrets exposed. This happens when the compiler identifies buffer-clearing operations as unnecessary 'dead stores' and eliminates them.
CWE-140Improper Neutralization of DelimitersThis vulnerability occurs when an application fails to properly handle or sanitize delimiter characters within data inputs, allowing them to be misinterpreted by downstream systems.
CWE-141Improper Neutralization of Parameter/Argument DelimitersThis vulnerability occurs when an application fails to properly sanitize special characters that act as delimiters in data being passed between system components. Attackers can inject these characters to manipulate how downstream processes interpret command arguments or parameter lists.
CWE-1419Incorrect Initialization of ResourceThis weakness occurs when a system fails to properly set up a resource during its creation, leaving it in an unstable, incorrect, or insecure state when used later.
CWE-142Improper Neutralization of Value DelimitersThis vulnerability occurs when an application fails to properly sanitize or escape special characters that act as data separators (delimiters) before passing that data to another system or component. An attacker can inject these characters to manipulate how the downstream process interprets the data structure.
CWE-1420Exposure of Sensitive Information during Transient ExecutionTransient execution vulnerabilities occur when a processor speculatively runs operations that don't officially commit, potentially leaking sensitive data through covert side channels like cache timing.
CWE-1421Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient ExecutionThis vulnerability occurs when a processor's speculative execution (transient operations) can temporarily access restricted data from another security domain. This sensitive information can leave traces in shared hardware structures like CPU caches, where an attacker could potentially retrieve it using a covert channel attack.
CWE-1423Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient ExecutionThis vulnerability occurs when separate software components, like different processes or virtual machines, share the processor's internal prediction mechanisms. An attacker can manipulate these shared predictors to trigger speculative execution in a victim component, potentially leaking sensitive data across a security boundary via covert side channels.
CWE-1426Improper Validation of Generative AI OutputThis vulnerability occurs when an application uses a generative AI model (like an LLM) but fails to properly check the AI's output before using it. Without this validation, the AI's responses might contain security flaws, harmful content, or data leaks that violate the application's intended policies.
CWE-1427Improper Neutralization of Input Used for LLM PromptingThis vulnerability occurs when an application builds prompts for a Large Language Model (LLM) using external data, but does so in a way that the LLM cannot tell the difference between the developer's intended instructions and the user's potentially malicious input. This allows an attacker to 'hijack' the prompt and make the model ignore its original guidelines.
CWE-1428Reliance on HTTP instead of HTTPSThis vulnerability occurs when an application uses unencrypted HTTP connections instead of the secure HTTPS alternative, even when HTTPS is available.
CWE-1429Missing Security-Relevant Feedback for Unexecuted Operations in Hardware InterfaceThis vulnerability occurs when a hardware interface discards operations without providing any security-relevant feedback, such as error notifications or logs. This silence prevents the timely detection of critical failures or active attacks, leaving systems vulnerable to undetected compromise.
CWE-143Improper Neutralization of Record DelimitersThis vulnerability occurs when an application fails to properly sanitize or escape special characters that function as record separators in data streams. When untrusted input containing these delimiters is passed to a downstream system, it can corrupt data structures, cause misinterpretation of records, or trigger unauthorized actions.
CWE-1431Driving Intermediate Cryptographic State/Results to Hardware Module OutputsThis vulnerability occurs when a hardware cryptographic module leaks sensitive internal data through its output channels. Instead of only providing the final encrypted or decrypted result, the module inadvertently exposes intermediate calculation states or partial results via its output wires or ports.
CWE-144Improper Neutralization of Line DelimitersThis vulnerability occurs when an application fails to properly sanitize or escape line break characters (like newline or carriage return) in user-supplied input before passing that data to another system or component.
CWE-145Improper Neutralization of Section DelimitersThis vulnerability occurs when an application fails to properly sanitize or validate special characters that act as section delimiters in data streams. When this unsanitized input is passed to another component, these delimiters can be misinterpreted, leading to incorrect data parsing or unintended behavior.
CWE-146Improper Neutralization of Expression/Command DelimitersThis vulnerability occurs when an application fails to properly sanitize input that contains special characters used as delimiters in expressions or commands. When this unsanitized input is passed to another component for processing, those characters can be misinterpreted, altering the intended logic or structure.
CWE-147Improper Neutralization of Input TerminatorsThis vulnerability occurs when an application accepts external input but fails to properly handle special characters that downstream systems interpret as commands to stop processing data.
CWE-148Improper Neutralization of Input LeadersThis vulnerability occurs when an application fails to properly validate or handle input that begins with special control characters or sequences, known as 'leaders.' Issues arise when a required leader is missing, malformed, or when too many leaders are present where only one is expected.
CWE-149Improper Neutralization of Quoting SyntaxThis vulnerability occurs when an application fails to properly validate or escape quote characters (like single ' or double " quotes) in user input. Attackers can inject these quotes to manipulate how the system interprets data, often breaking out of intended data fields to execute unauthorized commands or alter program logic.
CWE-15External Control of System or Configuration SettingThis vulnerability occurs when an application allows users to directly modify critical system settings or configuration values from an external source.
CWE-150Improper Neutralization of Escape, Meta, or Control SequencesThis vulnerability occurs when an application fails to properly sanitize or escape special character sequences in user-supplied input before passing that data to another system or component. Attackers can inject escape, meta, or control sequences to manipulate how the downstream component interprets the data, often leading to command execution, data corruption, or unauthorized actions.
CWE-151Improper Neutralization of Comment DelimitersThis vulnerability occurs when an application accepts user input and fails to properly sanitize characters that can be interpreted as comment markers (like /*, */, //, #, or <!--) before passing that data to another system component. This allows an attacker to inject malicious comments that can break data processing, alter logic, or expose sensitive information.
CWE-152Improper Neutralization of Macro SymbolsThis vulnerability occurs when an application accepts user input containing macro symbols (like those used in templates or configuration files) and passes it along without properly sanitizing it. This allows attackers to inject malicious macro commands that get executed by downstream systems, potentially leading to data manipulation, system access, or other unintended behaviors.
CWE-153Improper Neutralization of Substitution CharactersThis vulnerability occurs when an application accepts user input and fails to properly sanitize special characters that can trigger command or variable substitution before passing that data to another system component. This allows attackers to inject malicious substitutions that alter the system's intended behavior.
CWE-154Improper Neutralization of Variable Name DelimitersThis vulnerability occurs when an application fails to properly sanitize or escape special characters that act as delimiters for variable names before passing data to another component. Attackers can inject these delimiters to manipulate how variables are interpreted.
CWE-155Improper Neutralization of Wildcards or Matching SymbolsThis vulnerability occurs when an application fails to properly sanitize user-supplied input containing wildcard characters (like *, ?, or [ ]) before passing it to a command or function that interprets them as pattern-matching symbols.
CWE-156Improper Neutralization of WhitespaceThis vulnerability occurs when an application fails to properly handle or sanitize whitespace characters in input before passing that data to another system component. This allows special whitespace elements to be interpreted incorrectly downstream, potentially altering how the data is processed.
CWE-157Failure to Sanitize Paired DelimitersThis vulnerability occurs when an application fails to properly validate or neutralize the special characters that come in pairs to define boundaries, such as parentheses, brackets, quotes, or braces. Attackers can exploit this oversight to manipulate data structure, inject malicious code, or cause the application to crash.
CWE-158Improper Neutralization of Null Byte or NUL CharacterThis weakness occurs when an application receives data but fails to properly handle or remove NUL characters (\0) before passing that data to another system component.
CWE-159Improper Handling of Invalid Use of Special ElementsThis vulnerability occurs when an application fails to properly validate or neutralize special characters and control elements within user-supplied input. Without this filtering, attackers can inject these elements to manipulate the application's logic, leading to security breaches or system instability.
CWE-160Improper Neutralization of Leading Special ElementsThis vulnerability occurs when an application accepts external input but fails to properly sanitize leading special characters or commands before passing that data to another system component. This allows an attacker to inject unexpected instructions at the beginning of the data stream.
CWE-161Improper Neutralization of Multiple Leading Special ElementsThis vulnerability occurs when an application accepts external input but fails to properly sanitize multiple special characters or sequences at the beginning of that input before passing it to another system component. This allows an attacker to inject unexpected commands or data structures.
CWE-162Improper Neutralization of Trailing Special ElementsThis vulnerability occurs when an application fails to properly sanitize or remove trailing special characters from user-supplied input before passing it to another system component. These leftover characters can trick the downstream parser into executing unintended commands or altering the data flow.
CWE-163Improper Neutralization of Multiple Trailing Special ElementsThis vulnerability occurs when software accepts external input but fails to properly sanitize or incorrectly handles multiple trailing special characters or elements. When this unsanitized data is passed to another system component, these elements can be interpreted in harmful, unintended ways.
CWE-164Improper Neutralization of Internal Special ElementsThis vulnerability occurs when an application accepts data from a source but fails to properly sanitize internal control elements or metadata before passing it to another internal component. This can cause the downstream component to misinterpret the data and perform unintended actions.
CWE-165Improper Neutralization of Multiple Internal Special ElementsThis vulnerability occurs when an application accepts external input but fails to properly sanitize multiple internal control characters or delimiters before passing that data to another internal component. This can cause the downstream component to misinterpret the data and execute unintended commands.
CWE-166Improper Handling of Missing Special ElementThis vulnerability occurs when software expects a specific delimiter, terminator, or other special marker in its input but fails to properly handle situations where that element is absent. The application may then misinterpret boundaries, leading to crashes, data corruption, or security breaches.
CWE-167Improper Handling of Additional Special ElementThis vulnerability occurs when software receives data from another component but fails to properly process or validate unexpected special characters or control elements within that input.
CWE-168Improper Handling of Inconsistent Special ElementsThis vulnerability occurs when software fails to correctly process input containing conflicting or mismatched special elements like characters, symbols, or reserved keywords.
CWE-170Improper Null TerminationThis weakness occurs when software fails to properly end a string or array with the required null character or equivalent terminator.
CWE-172Encoding ErrorThis vulnerability occurs when software incorrectly transforms data between different formats, leading to corrupted or misinterpreted information that can break functionality or create security gaps.
CWE-173Improper Handling of Alternate EncodingThis vulnerability occurs when software fails to correctly process input that arrives in a different character encoding than expected, allowing that input to bypass security checks or cause misinterpretation.
CWE-174Double Decoding of the Same DataThis vulnerability occurs when an application decodes the same piece of data twice in sequence. This double processing can bypass or neutralize security checks that happen after the first decode, leaving the system exposed.
CWE-175Improper Handling of Mixed EncodingThis vulnerability occurs when software fails to correctly process input that contains multiple character encodings within the same data stream.
CWE-176Improper Handling of Unicode EncodingThis vulnerability occurs when software fails to correctly process or interpret Unicode-encoded input, leading to security bypasses, data corruption, or unexpected behavior.
CWE-177Improper Handling of URL Encoding (Hex Encoding)This vulnerability occurs when an application fails to correctly process URL-encoded (also known as percent-encoded or hex-encoded) input, either by double-decoding it, not decoding it at all, or inconsistently handling encoded characters across different security checks.
CWE-178Improper Handling of Case SensitivityThis vulnerability occurs when software fails to consistently handle uppercase and lowercase letters when checking or accessing resources, leading to unpredictable behavior and security gaps.
CWE-179Incorrect Behavior Order: Early ValidationThis vulnerability occurs when an application validates user input before applying security filters or data normalization. Attackers can exploit this order of operations by submitting specially crafted input that passes the initial validation but becomes malicious after the application's filters or canonicalization processes modify it.
CWE-180Incorrect Behavior Order: Validate Before CanonicalizeThis vulnerability occurs when a system checks user input for malicious content before standardizing its format, allowing specially crafted data to bypass security checks.
CWE-181Incorrect Behavior Order: Validate Before FilterThis vulnerability occurs when a system checks user input for validity before cleaning or filtering it. This flawed sequence allows malicious data to pass validation, only to be altered by later filters into a dangerous form.
CWE-182Collapse of Data into Unsafe ValueThis vulnerability occurs when an application's data filtering or transformation process incorrectly merges or simplifies information, producing a result that violates security rules. Essentially, safe input gets collapsed into a dangerous value.
CWE-183Permissive List of Allowed InputsThis vulnerability occurs when an application's security filter uses an allowlist that is too broad, mistakenly permitting dangerous inputs that should have been blocked. The flawed assumption that everything on the list is safe creates a direct path for attackers to exploit the system.
CWE-184Incomplete List of Disallowed InputsThis vulnerability occurs when a security filter or validation mechanism relies on a 'denylist'—a predefined list of forbidden inputs—but that list is missing critical entries. Attackers can bypass the protection by using variations or inputs the developers didn't anticipate.
CWE-185Incorrect Regular ExpressionThis vulnerability occurs when a regular expression is written incorrectly, causing it to match or validate data in unintended and potentially dangerous ways.
CWE-186Overly Restrictive Regular ExpressionThis weakness occurs when a regular expression is too narrow, failing to detect all the dangerous or unexpected input values it was designed to catch.
CWE-187Partial String ComparisonThis weakness occurs when software checks only part of a string or token to determine a match, instead of comparing the entire value. This incomplete validation can lead to incorrect security decisions.
CWE-188Reliance on Data/Memory LayoutThis vulnerability occurs when software incorrectly assumes how data is structured in memory or within network packets, leading to unexpected behavior when those underlying layouts change.
CWE-190Integer Overflow or WraparoundInteger overflow or wraparound occurs when a calculation produces a numeric result that exceeds the maximum value a variable can hold. Instead of increasing as expected, the value wraps around to a very small or negative number, breaking the program's logic.
CWE-191Integer Underflow (Wrap or Wraparound)Integer underflow occurs when a subtraction operation results in a value smaller than the data type's minimum limit, causing the value to wrap around to a large, incorrect number.
CWE-192Integer Coercion ErrorAn integer coercion error occurs when a program incorrectly converts, extends, or truncates a number between different data types, leading to unexpected values.
CWE-193Off-by-one ErrorAn off-by-one error occurs when a program incorrectly calculates a boundary, such as a loop counter or array index, by being one unit too high or too low. This often leads to buffer overflows, memory corruption, or unexpected program behavior.
CWE-194Unexpected Sign ExtensionThis vulnerability occurs when a signed number from a smaller data type is moved or cast to a larger type, causing its sign bit to be incorrectly extended. If the original value is negative, this sign extension can fill the new, higher-order bits with '1's, leading to unexpectedly large positive values and causing logic errors, buffer overflows, or security bypasses.
CWE-195Signed to Unsigned Conversion ErrorThis vulnerability occurs when a signed integer (which can hold negative values) is converted to an unsigned integer (which holds only non-negative values). If the original signed value is negative, the conversion produces a large, unexpected positive number instead of an error, breaking the program's logic.
CWE-196Unsigned to Signed Conversion ErrorThis vulnerability occurs when a program takes an unsigned integer and converts it directly to a signed integer. If the original unsigned value is too large to fit within the signed type's positive range, the conversion results in an unexpected negative number, corrupting the data.
CWE-197Numeric Truncation ErrorA numeric truncation error happens when a program converts a number to a smaller data type, cutting off its higher-order bits and corrupting the original value.
CWE-198Use of Incorrect Byte OrderingThis vulnerability occurs when software processes data from another system without considering byte order (endianness), such as big-endian or little-endian. This mismatch can cause the program to misinterpret numbers or values, leading to incorrect calculations, crashes, or security flaws.
CWE-20Improper Input ValidationThis vulnerability occurs when an application accepts data from an external source but fails to properly verify that the data is safe and correctly formatted before using it. This missing or flawed validation check allows malicious or malformed inputs to disrupt the application's logic or security.
CWE-200Exposure of Sensitive Information to an Unauthorized ActorThis weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
CWE-201Insertion of Sensitive Information Into Sent DataThis vulnerability occurs when an application sends data to an external party, but accidentally includes sensitive information—like passwords, keys, or personal data—that the recipient should not be able to access.
CWE-202Exposure of Sensitive Information Through Data QueriesThis vulnerability occurs when an attacker uses statistical analysis on aggregated or anonymized data to uncover sensitive details about individuals, even when direct identifiers are removed.
CWE-203Observable DiscrepancyThis vulnerability occurs when an application responds differently to unauthorized users based on internal conditions. Attackers can observe these variations—like changes in error messages, timing, or system behavior—to infer sensitive information, such as whether a username exists, a password is incorrect, or a specific operation succeeded.
CWE-204Observable Response DiscrepancyThis vulnerability occurs when an application responds differently to similar requests, unintentionally leaking details about its internal state or logic to unauthorized users.
CWE-205Observable Behavioral DiscrepancyThis vulnerability occurs when an application behaves differently in ways that unauthorized users can detect. These observable differences can reveal internal system logic, state information, or how the product varies from similar applications, providing attackers with valuable clues.
CWE-206Observable Internal Behavioral DiscrepancyThis vulnerability occurs when a system's internal steps or decisions become visible to an attacker because the system behaves differently at each stage. Instead of presenting a single, unified result, the product leaks information about its internal checks, allowing an attacker to map its logic and pinpoint weaknesses.
CWE-207Observable Behavioral Discrepancy With Equivalent ProductsThis vulnerability occurs when a system that should remain anonymous behaves differently than other products with the same purpose, allowing attackers to detect and identify it.
CWE-208Observable Timing DiscrepancyThis vulnerability occurs when an application takes measurably different amounts of time to perform different operations, such as checking a password or processing a request. An attacker can observe these timing differences to learn sensitive information, like whether a username is valid or a cryptographic key guess is correct.
CWE-209Generation of Error Message Containing Sensitive InformationThis vulnerability occurs when an application reveals sensitive details about its internal systems, user data, or environment within error messages shown to users.
CWE-210Self-generated Error Message Containing Sensitive InformationThis vulnerability occurs when an application detects a problem and generates its own error messages that accidentally expose sensitive system or user data.
CWE-211Externally-Generated Error Message Containing Sensitive InformationThis vulnerability occurs when an application triggers an error message from an external component—like a database, interpreter, or operating system—and that error reveals sensitive details about the system's internal workings, configuration, or data.
CWE-212Improper Removal of Sensitive Information Before Storage or TransferThis vulnerability occurs when an application stores or transmits a resource containing sensitive data without properly cleaning it first, potentially exposing that information to unauthorized parties.
CWE-213Exposure of Sensitive Information Due to Incompatible PoliciesThis vulnerability occurs when a system's data handling aligns with the developer's security rules but accidentally reveals information that other stakeholders—like users or administrators—consider confidential. Essentially, the developer's policy conflicts with the security expectations of the people who use or manage the product.
CWE-214Invocation of Process Using Visible Sensitive InformationThis vulnerability occurs when a process is started with sensitive data, such as passwords or API keys, passed directly in its command-line arguments or environment variables. Because this information is often visible to other processes on the system, it can be easily exposed.
CWE-215Insertion of Sensitive Information Into Debugging CodeThis vulnerability occurs when developers embed sensitive data, such as passwords or API keys, within debugging statements like logs or console outputs, and fail to remove or disable this code before deploying to a live environment.
CWE-219Storage of File with Sensitive Data Under Web RootThis vulnerability occurs when an application saves sensitive files, such as configuration data or private keys, inside the web server's publicly accessible directory. Without proper access restrictions, attackers can directly request and download these files.
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')This vulnerability occurs when an application builds a file path using user input but fails to properly validate it, allowing an attacker to break out of the intended directory and access files or folders anywhere on the server.
CWE-221Information Loss or OmissionThis weakness occurs when an application fails to log critical security events or records them inaccurately, which can misguide security decisions and hinder incident investigation.
CWE-222Truncation of Security-relevant InformationThis vulnerability occurs when a system shortens or cuts off security-critical data during display, logging, or processing. This truncation can hide the true details of an attack, making it harder to detect, investigate, and respond to threats.
CWE-223Omission of Security-relevant InformationThis vulnerability occurs when an application fails to capture or present crucial security-related details, such as the origin of a request or the specifics of a security event. Without this information, developers and security teams cannot effectively trace attacks or validate whether an operation is legitimate.
CWE-224Obscured Security-relevant Information by Alternate NameThis vulnerability occurs when a system logs or reports security-critical events using a nickname or alias for a component, instead of its official, unique identifier.
CWE-226Sensitive Information in Resource Not Removed Before ReuseThis vulnerability occurs when a system releases a resource like memory or a file for reuse but fails to erase the sensitive data it previously contained. The old information remains accessible when the resource is allocated to a new process or used in a different context.
CWE-228Improper Handling of Syntactically Invalid StructureThis vulnerability occurs when software fails to properly reject or process input that doesn't follow the expected format or structure, often leading to crashes or unexpected behavior.
CWE-229Improper Handling of ValuesThis vulnerability occurs when software fails to correctly process situations where input contains too few values, too many values, or undefined values for expected parameters, fields, or arguments.
CWE-23Relative Path TraversalThis vulnerability occurs when an application builds file paths using user-supplied input without properly validating or sanitizing it. Attackers can exploit this by inserting special directory traversal sequences like '..' to access files and directories outside the intended restricted folder.
CWE-230Improper Handling of Missing ValuesThis vulnerability occurs when software fails to properly check for or handle missing data values. It happens when a parameter, field, or argument name is provided, but its corresponding value is empty, blank, or null, and the system doesn't manage this absence safely.
CWE-231Improper Handling of Extra ValuesThis vulnerability occurs when software receives more input values than it was designed to handle, and fails to properly manage or reject the excess data.
CWE-232Improper Handling of Undefined ValuesThis vulnerability occurs when software fails to properly check for or handle undefined, null, or unsupported values passed to parameters, configuration fields, or function arguments. Instead of rejecting or safely converting these values, the system proceeds with an unexpected state, often leading to crashes or security flaws.
CWE-233Improper Handling of ParametersThis vulnerability occurs when software fails to correctly process input that contains an unexpected number of parameters, missing fields, or undefined arguments. It often leads to crashes, unexpected behavior, or security bypasses.
CWE-234Failure to Handle Missing ParameterThis vulnerability occurs when a function or method receives fewer arguments than it expects. The function will still attempt to process its expected number of parameters, which can lead to reading undefined, stale, or arbitrary values from the program's memory or stack, causing crashes or unexpected behavior.
CWE-235Improper Handling of Extra ParametersThis vulnerability occurs when a system fails to properly manage situations where it receives more parameters, fields, or arguments with the same name than it was designed to handle.
CWE-236Improper Handling of Undefined ParametersThis vulnerability occurs when software fails to properly manage input parameters, field names, or arguments that it doesn't recognize or support. Instead of rejecting or safely ignoring the undefined input, the system may behave unpredictably, leading to errors or security issues.
CWE-238Improper Handling of Incomplete Structural ElementsThis vulnerability occurs when software fails to properly process or validate data structures that are missing required components or are only partially formed.
CWE-239Failure to Handle Incomplete ElementThis vulnerability occurs when a system fails to properly manage or validate data elements that are missing required parts or are only partially defined.
CWE-24Path Traversal: '../filedir'Path traversal, often called directory traversal, occurs when an application builds a file path using user input without properly blocking sequences like '../'. This allows an attacker to break out of the intended directory and access files or folders anywhere on the server.
CWE-240Improper Handling of Inconsistent Structural ElementsThis vulnerability occurs when a system fails to properly manage situations where related data structures or elements should match but are inconsistent.
CWE-241Improper Handling of Unexpected Data TypeThis vulnerability occurs when software fails to properly validate or safely process data that arrives in an unexpected format. For example, the system might expect a numeric input but receives text instead, leading to crashes, errors, or security issues.
CWE-242Use of Inherently Dangerous FunctionThis vulnerability occurs when code uses functions that are inherently unsafe and cannot be reliably secured, posing a direct risk to application stability and security.
CWE-243Creation of chroot Jail Without Changing Working DirectoryThis vulnerability occurs when a program creates a chroot jail but fails to change its current working directory afterward. Because the process's working directory remains outside the jail, attackers can use relative paths to access files and directories that should be restricted.
CWE-244Improper Clearing of Heap Memory Before Release ('Heap Inspection')Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the original data is not securely erased.
CWE-245J2EE Bad Practices: Direct Management of ConnectionsThis vulnerability occurs when a J2EE application handles database connections directly instead of using the container's built-in connection management system.
CWE-246J2EE Bad Practices: Direct Use of SocketsThis vulnerability occurs when a J2EE application creates network sockets directly, bypassing the container-managed communication framework provided by the platform.
CWE-248Uncaught ExceptionThis vulnerability occurs when a function throws an error or exception, but the calling code does not have a proper handler to catch and manage it.
CWE-25Path Traversal: '/../filedir'This vulnerability, often called directory traversal, occurs when an application builds a file path using user input without properly blocking sequences like '/../'. This lets an attacker break out of the intended directory and access files or folders elsewhere on the server.
CWE-250Execution with Unnecessary PrivilegesThis vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege creates security risks by opening doors to new attacks or making existing weaknesses more dangerous.
CWE-252Unchecked Return ValueThis vulnerability occurs when a program fails to verify the result of a function or method call, allowing it to continue execution without detecting errors or unexpected conditions.
CWE-253Incorrect Check of Function Return ValueThis vulnerability occurs when a program misinterprets or improperly validates the return value from a function, causing it to miss critical error states or unexpected conditions.
CWE-258Empty Password in Configuration FileThis vulnerability occurs when a configuration file, script, or application uses an empty string as a password, effectively disabling authentication for a service or account.
CWE-259Use of Hard-coded PasswordThis vulnerability occurs when an application embeds a password directly into its source code or configuration files. This hard-coded secret is then used either to authenticate incoming users or to connect to external services and databases.
CWE-26Path Traversal: '/dir/../filename'This vulnerability occurs when an application builds a file path using user input but fails to properly block directory traversal sequences like '/dir/../filename'. This allows an attacker to break out of the intended restricted directory and access files or folders elsewhere on the system.
CWE-260Password in Configuration FileThis vulnerability occurs when an application stores sensitive passwords directly within a configuration file, making them easily readable to anyone with access to that file.
CWE-266Incorrect Privilege AssignmentThis vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not have. This error creates an unintended level of access, allowing the actor to perform actions beyond their intended authority.
CWE-267Privilege Defined With Unsafe ActionsThis vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous, unintended actions. The permission itself is correctly assigned, but its scope is too broad or allows for unsafe operations.
CWE-268Privilege ChainingPrivilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to perform a harmful action that neither permission should individually allow.
CWE-269Improper Privilege ManagementThis vulnerability occurs when an application fails to correctly manage user permissions, allowing someone to perform actions or access data beyond their intended authority.
CWE-27Path Traversal: 'dir/../../filename'This vulnerability occurs when an application builds file paths using user input but fails to properly block sequences like 'dir/../../filename'. Attackers can exploit this by injecting multiple '../' segments to escape the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-270Privilege Context Switching ErrorThis vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions.
CWE-271Privilege Dropping / Lowering ErrorsThis vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component.
CWE-272Least Privilege ViolationThis vulnerability occurs when software fails to reduce its elevated system privileges after completing a sensitive operation, leaving it with unnecessary and dangerous access rights.
CWE-273Improper Check for Dropped PrivilegesThis vulnerability occurs when an application tries to lower its system privileges but fails to verify that the operation was successful.
CWE-274Improper Handling of Insufficient PrivilegesThis vulnerability occurs when an application fails to properly manage situations where it lacks the necessary permissions to execute an action. This flawed handling can lead to crashes, data corruption, or unintended security bypasses.
CWE-276Incorrect Default PermissionsThis vulnerability occurs when software installation scripts set overly permissive file or directory access rights by default. Instead of restricting write access to authorized users or processes, the installation allows unintended actors to modify, delete, or corrupt critical application files.
CWE-277Insecure Inherited PermissionsThis vulnerability occurs when an application sets default file or directory permissions that are too permissive, and these insecure settings are automatically passed down to new files or objects the program creates.
CWE-279Incorrect Execution-Assigned PermissionsThis vulnerability occurs when a running application incorrectly changes an object's access permissions, overriding the security settings that a user or administrator intentionally configured.
CWE-28Path Traversal: '..\filedir'This vulnerability occurs when an application builds a file path using user input but fails to block or properly handle '..\' sequences. This oversight allows an attacker to break out of the intended directory and navigate to unauthorized locations in the file system.
CWE-280Improper Handling of Insufficient Permissions or Privileges This vulnerability occurs when a system fails to properly manage situations where it lacks the necessary permissions to perform an action or access a resource. This flawed handling can force the application into unintended states or error paths, potentially leading to crashes, data corruption, or security bypasses.
CWE-281Improper Preservation of PermissionsThis vulnerability occurs when a system fails to correctly maintain file or object permissions during operations like copying, sharing, or restoring data. As a result, these resources can end up with weaker, more permissive security settings than the original owner intended.
CWE-284Improper Access ControlThe software fails to properly limit who can access a resource, allowing unauthorized users or systems to interact with it.
CWE-285Improper AuthorizationThis vulnerability occurs when an application fails to properly verify whether a user has permission to access specific data or perform certain actions before allowing the request.
CWE-286Incorrect User ManagementThis vulnerability occurs when an application incorrectly handles user accounts, roles, or group memberships, leading to improper access control.
CWE-287Improper AuthenticationImproper Authentication occurs when a system fails to properly verify a user's claimed identity, allowing access without sufficient proof of who they are.
CWE-289Authentication Bypass by Alternate NameThis vulnerability occurs when a system checks access based on a resource or user name, but fails to account for all the different names or aliases that could refer to the same entity, allowing attackers to bypass authentication.
CWE-29Path Traversal: '\..\filename'This vulnerability occurs when an application builds file paths using user input but fails to block '\..\filename' sequences. Attackers can use these leading backslash and dot-dot sequences to escape the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-290Authentication Bypass by SpoofingThis weakness occurs when an application's authentication system can be tricked into accepting forged or manipulated credentials, allowing unauthorized access without proper verification.
CWE-295Improper Certificate ValidationThis vulnerability occurs when an application fails to properly verify the authenticity of a digital certificate, or performs the verification incorrectly, allowing untrusted connections to appear legitimate.
CWE-296Improper Following of a Certificate's Chain of TrustThis vulnerability occurs when software fails to properly validate the entire certificate chain back to a trusted root authority. This mistake can cause the system to incorrectly trust a certificate and the resource it represents, creating a security gap.
CWE-297Improper Validation of Certificate with Host MismatchThis vulnerability occurs when an application accepts a valid SSL/TLS certificate without properly verifying that it actually belongs to the specific host it's connecting to. Even a correctly signed certificate from a trusted authority can be misused if the hostname check is missing or flawed.
CWE-298Improper Validation of Certificate ExpirationThis vulnerability occurs when an application fails to properly check if a digital certificate has expired, potentially trusting certificates that are no longer valid due to their age.
CWE-299Improper Check for Certificate RevocationThis vulnerability occurs when an application fails to properly verify whether a security certificate has been revoked, potentially allowing it to accept and use a compromised or untrustworthy certificate.
CWE-30Path Traversal: '\dir\..\filename'This vulnerability occurs when an application builds file paths using user input but fails to properly sanitize sequences like '\dir\..\filename'. Attackers can exploit this to escape the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-302Authentication Bypass by Assumed-Immutable DataThis vulnerability occurs when an authentication system incorrectly treats certain data as unchangeable, when in fact an attacker can manipulate it to bypass login or verification checks.
CWE-303Incorrect Implementation of Authentication AlgorithmThis weakness occurs when a developer implements a standard authentication algorithm, but makes critical mistakes in the code that cause it to function incorrectly.
CWE-304Missing Critical Step in AuthenticationThis vulnerability occurs when a software authentication process omits a required step, weakening its overall security.
CWE-305Authentication Bypass by Primary WeaknessThis vulnerability occurs when a system's core authentication logic is technically correct, but an attacker can completely bypass it by exploiting a separate, more fundamental flaw in the application.
CWE-31Path Traversal: 'dir\..\..\filename'This vulnerability occurs when an application builds file paths using user input but fails to properly block sequences like 'dir\..\..\filename'. Attackers can use these multiple backslash-dot-dot sequences to escape the intended directory and access files or folders anywhere on the file system.
CWE-318Cleartext Storage of Sensitive Information in ExecutableThis vulnerability occurs when an application embeds sensitive information, like passwords or keys, directly within its executable code without encryption.
CWE-32Path Traversal: '...' (Triple Dot)This vulnerability occurs when an application builds file paths using user input but fails to properly filter out '...' (triple dot) sequences. Attackers can exploit this to escape restricted directories and access unauthorized files or folders on the server.
CWE-325Missing Cryptographic StepThis vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides.
CWE-327Use of a Broken or Risky Cryptographic AlgorithmThe software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security standards.
CWE-329Generation of Predictable IV with CBC ModeThis vulnerability occurs when software uses a predictable or reused Initialization Vector (IV) with Cipher Block Chaining (CBC) mode encryption. Predictable IVs undermine the security of CBC, making encrypted data vulnerable to dictionary and chosen-plaintext attacks, especially when the same key is used multiple times.
CWE-33Path Traversal: '....' (Multiple Dot)This vulnerability occurs when an application builds file paths using user input but fails to properly filter sequences of multiple dots ('....'). Attackers can exploit this to break out of the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-330Use of Insufficiently Random ValuesThis vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate.
CWE-331Insufficient EntropyThis vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or predictable outputs that are easier for attackers to guess.
CWE-332Insufficient Entropy in PRNGThis vulnerability occurs when a Pseudo-Random Number Generator (PRNG) doesn't have enough randomness (entropy) to start with, or isn't using enough during operation. This makes its outputs predictable, undermining both system stability and security.
CWE-333Improper Handling of Insufficient Entropy in TRNGThis vulnerability occurs when a system fails to properly manage the limited or unpredictable output rate of a true random number generator (TRNG), potentially causing failures, delays, or weakened security.
CWE-334Small Space of Random ValuesThis vulnerability occurs when a system uses a random number generator that produces too few possible values. Attackers can easily predict or guess these values through brute force attacks.
CWE-335Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is used, but its initial seed value is not handled securely or predictably, compromising the randomness of its output.
CWE-336Same Seed in Pseudo-Random Number Generator (PRNG)This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is repeatedly initialized with the same starting seed value.
CWE-337Predictable Seed in Pseudo-Random Number Generator (PRNG)This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) uses an easily guessable starting value, like the current system time or a process ID, to begin its sequence.
CWE-338Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)This vulnerability occurs when software uses a pseudo-random number generator (PRNG) that is not cryptographically strong for security-sensitive operations, such as generating keys, tokens, or initialization vectors.
CWE-339Small Seed Space in PRNGThis vulnerability occurs when a Pseudo-Random Number Generator (PRNG) uses a seed that has too few possible values, making it easy for an attacker to guess through brute force.
CWE-34Path Traversal: '....//'This vulnerability occurs when an application builds file paths using user input but fails to properly sanitize '....//' sequences. Attackers can use this pattern to break out of the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-340Generation of Predictable Numbers or IdentifiersThis vulnerability occurs when a system creates numbers or identifiers that are too easy to guess, undermining security mechanisms that rely on unpredictability.
CWE-341Predictable from Observable StateThis vulnerability occurs when an attacker can guess or deduce sensitive values, like random numbers or identifiers, by observing predictable system or network characteristics such as timestamps, process IDs, or other public information.
CWE-342Predictable Exact Value from Previous ValuesThis vulnerability occurs when a system uses a predictable sequence for generating values, allowing an attacker to accurately guess future numbers by analyzing past ones.
CWE-343Predictable Value Range from Previous ValuesThis vulnerability occurs when a system's random number generator produces values that, after observing previous outputs, allow an attacker to predict a limited range for the next value.
CWE-344Use of Invariant Value in Dynamically Changing ContextThis vulnerability occurs when code uses a fixed, unchanging value (like a hardcoded string, number, or reference) in a situation where that value should actually be flexible and adapt to different runtime conditions or environments.
CWE-345Insufficient Verification of Data AuthenticityThis vulnerability occurs when an application fails to properly check where data comes from or confirm its legitimacy, allowing untrusted or forged information to be processed as valid.
CWE-346Origin Validation ErrorThis vulnerability occurs when an application fails to properly confirm the true origin of incoming data or communication, allowing attackers to spoof their source.
CWE-347Improper Verification of Cryptographic SignatureThis vulnerability occurs when an application fails to properly check the digital signature on data, or skips the verification step entirely, allowing tampered or forged information to be accepted as legitimate.
CWE-348Use of Less Trusted SourceThis vulnerability occurs when a system has access to multiple sources for the same critical data, but it chooses to rely on the less secure or less trustworthy one. This creates a security gap because the system ignores better-protected alternatives that offer stronger verification or are harder for attackers to compromise.
CWE-349Acceptance of Extraneous Untrusted Data With Trusted DataThis vulnerability occurs when a system processes both trusted and untrusted data together, but fails to separate them. The application incorrectly treats all incoming data—including the untrusted portion—with the same level of trust as the legitimate data.
CWE-35Path Traversal: '.../...//'This vulnerability occurs when an application builds file paths using user input but fails to properly sanitize the '.../...//' sequence. Attackers can use this specific pattern to break out of the intended directory and access unauthorized files or folders elsewhere on the system.
CWE-351Insufficient Type DistinctionThis vulnerability occurs when an application fails to properly differentiate between different types of data or objects, leading to unintended and insecure behavior.
CWE-353Missing Support for Integrity CheckThis vulnerability occurs when a system uses a communication protocol that lacks built-in integrity verification, such as a checksum or cryptographic hash, to detect if data has been altered or corrupted during transmission.
CWE-354Improper Validation of Integrity Check ValueThis vulnerability occurs when software fails to properly check the integrity of data by validating its checksum or hash value. Without this verification, the application cannot reliably detect if information has been altered, corrupted, or tampered with during storage or transmission.
CWE-356Product UI does not Warn User of Unsafe ActionsThis vulnerability occurs when a software interface fails to alert users before they perform a risky action. Without clear warnings, users can be more easily misled into taking steps that harm their system or data.
CWE-357Insufficient UI Warning of Dangerous OperationsThis vulnerability occurs when a software application does present a warning to a user before a risky action, but the warning is designed or placed in a way that makes it too easy to miss, ignore, or accidentally dismiss.
CWE-358Improperly Implemented Security Check for StandardThis vulnerability occurs when software fails to correctly implement one or more critical security checks required by a standard protocol, algorithm, or security technique.
CWE-359Exposure of Private Personal Information to an Unauthorized ActorThis vulnerability occurs when an application fails to adequately protect sensitive personal data, allowing access to individuals who either lack proper authorization or haven't provided necessary consent for its use.
CWE-36Absolute Path TraversalThis vulnerability occurs when an application builds file paths using user input without properly blocking absolute paths like '/etc/passwd' or 'C:\Windows\system32'. Attackers can exploit this to escape the intended directory and access sensitive files anywhere on the server.
CWE-360Trust of System Event DataThis vulnerability occurs when software blindly trusts system event data without verifying its source, allowing attackers to spoof events and manipulate application behavior.
CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')A race condition occurs when multiple processes or threads access a shared resource simultaneously without proper coordination, creating a timing window where the resource's state can be unexpectedly altered, leading to unpredictable behavior or security vulnerabilities.
CWE-363Race Condition Enabling Link FollowingThis vulnerability occurs when a program checks a file's status before using it, creating a brief window where an attacker can replace that file with a malicious link. This causes the program to follow the link and access an unintended, potentially dangerous location.
CWE-364Signal Handler Race ConditionA signal handler race condition occurs when a program's signal handling routine is vulnerable to timing issues, allowing its state to be corrupted through asynchronous execution.
CWE-366Race Condition within a ThreadThis vulnerability occurs when two or more threads within the same application access and manipulate a shared resource (like a variable, data structure, or file) without proper synchronization. Because the threads can execute in an unpredictable order, they can corrupt the resource's state, leading to crashes, incorrect calculations, or data loss.
CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionThis vulnerability occurs when a program verifies a resource's state (like a file's permissions or existence) but then uses it after that state has already changed. The gap between checking and using creates a race window where an attacker can manipulate the resource, causing the program to operate on invalid or malicious data.
CWE-368Context Switching Race ConditionThis vulnerability occurs when an application switches between different security contexts (like privilege levels or domains) using a series of steps that can be interrupted. An attacker can exploit the timing gap during this switch to trick the application into performing actions with the wrong permissions or resources.
CWE-369Divide By ZeroA divide-by-zero error occurs when software attempts to perform a division operation where the denominator is zero.
CWE-37Path Traversal: '/absolute/pathname/here'This vulnerability occurs when an application accepts user input containing absolute file paths (starting with a forward slash like '/etc/passwd') and uses it to access files without proper security checks. Attackers can exploit this to read, write, or delete sensitive files anywhere on the server's filesystem.
CWE-370Missing Check for Certificate Revocation after Initial CheckThis vulnerability occurs when software only verifies a certificate's revocation status once, then continues to trust it for subsequent privileged actions without re-checking. This allows operations to proceed even if the certificate is revoked later.
CWE-372Incomplete Internal State DistinctionThis vulnerability occurs when an application fails to accurately track its own operational state. The system incorrectly assumes it's in one mode or condition when it's actually in another, leading to security-critical actions being performed with the wrong assumptions.
CWE-374Passing Mutable Objects to an Untrusted MethodThis vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
CWE-375Returning a Mutable Object to an Untrusted CallerThis vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to modify that data unexpectedly.
CWE-377Insecure Temporary FileThis vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing attackers to read, modify, or delete sensitive data.
CWE-378Creation of Temporary File With Insecure PermissionsThis vulnerability occurs when a program creates a temporary file but sets its file permissions too loosely, allowing other users or processes on the system to read, modify, or delete the file.
CWE-379Creation of Temporary File in Directory with Insecure PermissionsThis vulnerability occurs when an application creates a temporary file in a directory that is too permissive, allowing unauthorized users or processes to see, access, or manipulate the file.
CWE-38Path Traversal: '\absolute\pathname\here'This vulnerability occurs when an application accepts user-supplied input containing Windows-style absolute paths (like '\absolute\pathname\here') without proper validation. Attackers can exploit this to navigate outside the intended directory and access or manipulate sensitive files anywhere on the server's file system.
CWE-382J2EE Bad Practices: Use of System.exit()This vulnerability occurs when a J2EE application directly calls System.exit(), which forcibly terminates the entire application server process, not just the application itself.
CWE-383J2EE Bad Practices: Direct Use of ThreadsCreating or managing threads directly within a J2EE application is a risky practice that violates the platform's standards and often leads to unstable applications.
CWE-384Session FixationSession fixation occurs when an application authenticates a user without first destroying the previous session ID. This allows an attacker who knows that session identifier to hijack the user's authenticated session.
CWE-385Covert Timing ChannelA covert timing channel is a security flaw where an attacker can deduce secret information by observing how long certain operations take to execute. Instead of directly reading data, they analyze timing variations in system behavior to infer protected details.
CWE-386Symbolic Name not Mapping to Correct ObjectThis vulnerability occurs when a program uses a fixed symbolic name (like a constant or identifier) to refer to an object, but that name can later point to a different, unintended object during execution.
CWE-39Path Traversal: 'C:dirname'This vulnerability occurs when an application accepts user input containing Windows drive letters (like 'C:dirname') without proper validation, allowing attackers to redirect file operations to unintended locations or access arbitrary files on the system.
CWE-390Detection of Error Condition Without ActionThis weakness occurs when software successfully identifies an error condition but then fails to take any meaningful action to address it. The error is detected but ignored, leaving the system in an inconsistent or vulnerable state.
CWE-391Unchecked Error ConditionThis vulnerability occurs when a program fails to properly check or handle error conditions, such as exceptions or return codes. By ignoring these failures, the software can enter an unexpected state that attackers might exploit, often without any logging or user notification.
CWE-392Missing Report of Error ConditionThis vulnerability occurs when a system fails to properly signal that an error has happened. Instead of returning a clear error code, status, or exception, the software continues as if nothing went wrong, leaving other components unaware of the failure.
CWE-393Return of Wrong Status CodeThis vulnerability occurs when a function returns an inaccurate status code or value that misrepresents the actual outcome of an operation. This false signal can cause the application to behave in unexpected and potentially insecure ways.
CWE-394Unexpected Status Code or Return ValueThis vulnerability occurs when software fails to properly validate the full range of possible return values from a function or system call. While a returned value might be technically valid for that operation, the application doesn't anticipate or handle it correctly, leading to unexpected behavior.
CWE-395Use of NullPointerException Catch to Detect NULL Pointer DereferenceUsing a try-catch block for NullPointerException as a substitute for proper null checks is an anti-pattern. This approach masks the root cause of null pointer dereferences instead of preventing them, leading to unstable and difficult-to-debug code.
CWE-396Declaration of Catch for Generic ExceptionThis weakness occurs when code catches a generic exception type like 'Exception' or 'Throwable', which can hide specific errors and create insecure error handling logic.
CWE-397Declaration of Throws for Generic ExceptionThis vulnerability occurs when a method is declared to throw an overly broad exception type, such as a generic 'Exception' or 'Throwable'. This practice masks the specific error conditions that can occur, making it difficult for calling code to handle failures appropriately.
CWE-40Path Traversal: '\\UNC\share\name\' (Windows UNC Share)This vulnerability occurs when an application accepts user input containing a Windows UNC share path (like '\\UNC\share\name') without proper validation, allowing attackers to redirect file operations to unintended network locations or arbitrary files.
CWE-400Uncontrolled Resource ConsumptionThis vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.
CWE-401Missing Release of Memory after Effective LifetimeThis vulnerability occurs when a program allocates memory but fails to properly release it after it's no longer needed, causing a gradual accumulation of unused memory that can't be reclaimed by the system.
CWE-402Transmission of Private Resources into a New Sphere ('Resource Leak')This vulnerability occurs when an application unintentionally exposes internal resources, like files, memory, or database connections, to unauthorized users or systems. Essentially, it's a type of resource leak where sensitive assets cross a security boundary.
CWE-403Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')This vulnerability occurs when a parent process launches a child process without first closing sensitive file descriptors. The child process inherits these open handles, potentially gaining unauthorized access to files, sockets, or other resources it shouldn't be able to interact with.
CWE-404Improper Resource Shutdown or ReleaseThis vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or memory block—after it's no longer needed, preventing its reuse.
CWE-405Asymmetric Resource Consumption (Amplification)This vulnerability occurs when a system allows an attacker to trigger a disproportionate amount of resource consumption—like CPU, memory, or bandwidth—with minimal effort on their part. The attacker's small input causes a large, inefficient output, creating an unfair 'asymmetric' advantage.
CWE-406Insufficient Control of Network Message Volume (Network Amplification)This vulnerability occurs when a system fails to properly limit the amount of network traffic it can generate in response to a request, allowing an attacker to abuse it to send a disproportionately large volume of data.
CWE-407Inefficient Algorithmic ComplexityThis vulnerability occurs when a software component uses an algorithm with poor worst-case performance. An attacker can exploit this by providing specially crafted input that forces the algorithm into its slowest possible execution path, leading to severe performance degradation or denial of service.
CWE-408Incorrect Behavior Order: Early AmplificationThis vulnerability occurs when a system allows a user to trigger a resource-intensive operation before verifying their identity or checking their permissions.
CWE-409Improper Handling of Highly Compressed Data (Data Amplification)This vulnerability occurs when software fails to safely process highly compressed data, where a small input file can trigger the creation of an extremely large amount of data during decompression, overwhelming system resources.
CWE-41Improper Resolution of Path EquivalenceThis vulnerability occurs when an application fails to properly handle different text representations that refer to the same file or directory on the system. Attackers can use special characters or alternative naming conventions to bypass security checks and access restricted files.
CWE-410Insufficient Resource PoolThis vulnerability occurs when a system's resource pool is too small to handle maximum usage. Attackers can exploit this by making a high volume of requests, consuming all available resources and blocking legitimate users.
CWE-412Unrestricted Externally Accessible LockThis vulnerability occurs when a system correctly checks for a lock's existence, but an unauthorized external actor can control or influence that lock.
CWE-413Improper Resource LockingThis vulnerability occurs when an application fails to properly lock a shared resource, such as a file or memory location, before performing operations that require exclusive access.
CWE-414Missing Lock CheckThis vulnerability occurs when software fails to verify that a proper synchronization lock is active before accessing or modifying a shared resource, potentially leading to race conditions and data corruption.
CWE-415Double FreeA double free vulnerability occurs when a program mistakenly calls the 'free()' function twice on the same block of memory.
CWE-416Use After FreeUse After Free happens when a program continues to use a pointer to a memory location after that memory has been freed. This can lead to unpredictable behavior, crashes, or security vulnerabilities because the freed memory may have been reallocated for a different purpose.
CWE-419Unprotected Primary ChannelThis vulnerability occurs when an application exposes a privileged administrative interface or restricted functionality through a primary channel (like a specific port, endpoint, or protocol) without implementing adequate security controls to protect it.
CWE-42Path Equivalence: 'filename.' (Trailing Dot)This vulnerability occurs when a system accepts file or directory paths that end with a dot (like 'file.txt.' or 'folder.') without properly checking them. Attackers can exploit this to bypass security checks, potentially accessing files or directories they shouldn't be able to reach.
CWE-420Unprotected Alternate ChannelThis vulnerability occurs when an application secures its main communication path but leaves a backup or alternative channel with weaker or no protection.
CWE-425Direct Request ('Forced Browsing')This vulnerability occurs when a web application fails to verify user permissions for every protected page, file, or API endpoint, allowing attackers to access them directly.
CWE-426Untrusted Search PathThis vulnerability occurs when an application relies on an external search path, provided by a user or environment, to find and load critical resources like executables or libraries. Because the application does not fully control this path, an attacker can manipulate it to point to malicious files.
CWE-427Uncontrolled Search Path ElementThis vulnerability occurs when an application searches for critical files like libraries or executables using a predefined list of directories, but one or more of those directories can be manipulated by an unauthorized user.
CWE-428Unquoted Search Path or ElementThis vulnerability occurs when a program uses a file path or command that contains spaces and is not enclosed in quotes. The operating system may misinterpret where the executable file is located, potentially allowing an attacker to run a malicious program with higher privileges.
CWE-43Path Equivalence: 'filename....' (Multiple Trailing Dot)This vulnerability occurs when an application accepts file or directory paths containing multiple trailing dots (like 'file....') without proper validation. Attackers can exploit this to bypass security checks, potentially accessing files or directories outside the intended scope.
CWE-430Deployment of Wrong HandlerThis vulnerability occurs when a system incorrectly assigns or routes an object to the wrong processing component.
CWE-431Missing HandlerThis vulnerability occurs when a software component lacks the necessary code to properly handle an error or unexpected event.
CWE-432Dangerous Signal Handler not Disabled During Sensitive OperationsThis vulnerability occurs when a program's signal handler, which shares resources like global variables with other handlers, can be interrupted and re-entered before it finishes its work. The program fails to block other signals during this sensitive operation, leaving shared state vulnerable to corruption.
CWE-433Unparsed Raw Web Content DeliveryThis vulnerability occurs when a web application stores unprocessed files—like configuration scripts or raw source code—in publicly accessible directories using file extensions the server doesn't recognize.
CWE-434Unrestricted Upload of File with Dangerous TypeThis vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server.
CWE-435Improper Interaction Between Multiple Correctly-Behaving EntitiesThis weakness occurs when individually secure components interact in unexpected ways within a larger system, creating new security flaws that weren't present in isolation.
CWE-436Interpretation ConflictAn interpretation conflict occurs when two systems process the same data or sequence of events differently, leading one system to make incorrect decisions based on its flawed understanding of the other's state.
CWE-437Incomplete Model of Endpoint FeaturesThis vulnerability occurs when a security product, proxy, or monitoring system sits between endpoints but lacks a full understanding of what those endpoints can do or their current state. Because it's working with incomplete information, it can make wrong decisions, allowing malicious traffic to pass or incorrectly blocking legitimate requests.
CWE-439Behavioral Change in New Version or EnvironmentThis vulnerability occurs when a component's behavior unexpectedly changes after an update or when deployed to a different environment, and the systems or users depending on it are unaware of and cannot manage this change.
CWE-44Path Equivalence: 'file.name' (Internal Dot)This vulnerability occurs when an application accepts file paths containing internal dots (like 'file.ordir') without properly checking them. Attackers can exploit this to bypass security checks, traverse directories, and access sensitive files or system areas they shouldn't be able to reach.
CWE-440Expected Behavior ViolationThis weakness occurs when a software component, such as a function, API, or feature, fails to act as documented or intended. The system's actual behavior deviates from its promised specification, leading to unpredictable results.
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')This weakness occurs when a proxy, firewall, or other intermediary HTTP agent interprets a malformed HTTP request or response differently than the final destination server or client. This inconsistency allows an attacker to craft messages that bypass the intermediary's security checks.
CWE-446UI Discrepancy for Security FeatureThis vulnerability occurs when a user interface incorrectly displays a security feature as active or properly configured, misleading users into believing they are protected when they are not.
CWE-447Unimplemented or Unsupported Feature in UIThis vulnerability occurs when a user interface displays a security feature as active and functional, but the underlying code that powers it is either missing or disabled. Users receive visual confirmation that a protection is in place, creating a false sense of security.
CWE-448Obsolete Feature in UIThis vulnerability occurs when a user interface (UI) includes outdated or deprecated features, but fails to alert users about their obsolete status. This can mislead users into relying on functionality that may be broken, unsupported, or pose a security risk.
CWE-449The UI Performs the Wrong ActionThis vulnerability occurs when a user interface (UI) element or command performs a different, unintended action than what the user requested, potentially leading to security bypass, data corruption, or unexpected system behavior.
CWE-45Path Equivalence: 'file...name' (Multiple Internal Dot)This vulnerability occurs when an application accepts file paths containing sequences of multiple internal dots (like 'file...name') without proper validation. Attackers can exploit this ambiguity to bypass security checks, traverse directories, and access sensitive files or system areas they shouldn't be able to reach.
CWE-450Multiple Interpretations of UI InputThis vulnerability occurs when a user interface can interpret the same input in multiple ways, but automatically chooses a less secure option without warning the user.
CWE-451User Interface (UI) Misrepresentation of Critical InformationThis vulnerability occurs when a user interface fails to accurately display or highlight crucial information, potentially misleading users about the true state of the system or the source of data. Attackers exploit this weakness to trick users into performing unintended actions, often as part of phishing campaigns or other deception-based attacks.
CWE-453Insecure Default Variable InitializationThis vulnerability occurs when software sets an internal variable to an insecure or unnecessarily weak default value during initialization, rather than using the most secure option available.
CWE-454External Initialization of Trusted Variables or Data StoresThis vulnerability occurs when an application sets up its critical internal variables or storage systems using data from untrusted, external sources that an attacker could control.
CWE-455Non-exit on Failed InitializationThis vulnerability occurs when software continues to run as normal after encountering a critical security failure during its startup process. Instead of halting or entering a safe mode, the application proceeds with weakened or missing security controls, leaving it exposed.
CWE-456Missing Initialization of a VariableThis vulnerability occurs when a program uses a variable before giving it a starting value, causing the software to rely on unpredictable data left over in memory.
CWE-457Use of Uninitialized VariableThis vulnerability occurs when a program accesses a variable before it has been assigned a value, leading to unpredictable behavior and potential security risks.
CWE-459Incomplete CleanupThis vulnerability occurs when an application fails to properly remove temporary files, data structures, or system resources after they are no longer needed.
CWE-46Path Equivalence: 'filename ' (Trailing Space)This vulnerability occurs when an application processes file paths that end with a space character (like 'document.txt ') without properly normalizing or rejecting them. Because many operating systems ignore trailing spaces in paths, this can cause the application to resolve the path differently than intended, potentially allowing attackers to access unauthorized files or directories.
CWE-460Improper Cleanup on Thrown ExceptionThis vulnerability occurs when a program fails to properly restore its state or release resources after an exception is thrown, leaving the application in an inconsistent or unexpected condition.
CWE-462Duplicate Key in Associative List (Alist)This vulnerability occurs when an associative list (alist) contains duplicate keys, which can cause unexpected behavior when software incorrectly handles or interprets these duplicates.
CWE-463Deletion of Data Structure SentinelThis vulnerability occurs when a program accidentally removes or corrupts a special marker used to define the boundaries of a data structure, leading to logic errors and unexpected behavior.
CWE-464Addition of Data Structure SentinelThis vulnerability occurs when a program unintentionally adds or modifies a special marker, known as a sentinel, within a data structure, leading to critical logic errors.
CWE-466Return of Pointer Value Outside of Expected RangeThis vulnerability occurs when a function returns a memory pointer that points outside the expected buffer range, potentially exposing unrelated memory or causing crashes.
CWE-467Use of sizeof() on a Pointer TypeThis vulnerability occurs when a developer uses the sizeof() operator on a pointer variable instead of the data it points to, leading to incorrect size calculations and potential buffer overflows or underflows.
CWE-468Incorrect Pointer ScalingThis vulnerability occurs when a programmer incorrectly accounts for pointer arithmetic in C or C++, causing the program to access unintended memory locations. The core issue is forgetting that adding an integer to a pointer automatically scales that integer by the size of the data type it points to.
CWE-469Use of Pointer Subtraction to Determine SizeThis vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result.
CWE-47Path Equivalence: ' filename' (Leading Space)This vulnerability occurs when an application accepts file or directory paths that begin with a space character (like ' filename'), without properly normalizing or validating the input. This can trick the file system's resolution logic, potentially allowing attackers to access unauthorized files or directories outside the intended scope.
CWE-470Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')This vulnerability occurs when an application uses unvalidated external input, like a URL parameter or form field, to dynamically decide which class to load or which method to execute via reflection. An attacker can manipulate this input to force the application to load unexpected, potentially malicious code.
CWE-471Modification of Assumed-Immutable Data (MAID)This vulnerability occurs when an application fails to protect data it assumes cannot be changed, allowing an attacker to alter it.
CWE-472External Control of Assumed-Immutable Web ParameterThis vulnerability occurs when a web application incorrectly trusts data that appears to be fixed or hidden from the user, such as values in hidden form fields, cookies, or URL parameters. Because this data is actually controllable by the client, attackers can modify it to bypass security checks or corrupt application logic.
CWE-473PHP External Variable ModificationThis vulnerability occurs when a PHP application fails to properly validate or sanitize variables that originate from outside the application, such as HTTP query strings, cookies, or POST data. Attackers can exploit this to inject unexpected values, altering the program's logic and security controls.
CWE-474Use of Function with Inconsistent ImplementationsThis vulnerability occurs when code relies on a function whose behavior changes across different operating systems or versions, leading to unpredictable security risks when the software runs in an unexpected environment.
CWE-475Undefined Behavior for Input to APIThis API function exhibits unpredictable or undefined behavior when its control parameter is not set to the exact, required value.
CWE-476NULL Pointer DereferenceThis vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or unexpected behavior.
CWE-477Use of Obsolete FunctionThis vulnerability occurs when code relies on deprecated or obsolete functions, indicating outdated practices and insufficient maintenance that can introduce security gaps.
CWE-478Missing Default Case in Multiple Condition ExpressionThis vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
CWE-479Signal Handler Use of a Non-reentrant FunctionThis vulnerability occurs when a signal handler in your code calls a function that is not safe to re-enter. If that function is interrupted and called again before it finishes, it can corrupt memory and crash your program or create security weaknesses.
CWE-48Path Equivalence: 'file name' (Internal Whitespace)This vulnerability occurs when an application accepts file paths containing internal spaces (like 'file name') without proper validation. Attackers can exploit this ambiguity to bypass security checks, potentially accessing files or directories outside the intended scope.
CWE-480Use of Incorrect OperatorThis vulnerability occurs when a developer mistakenly uses the wrong operator in their code, leading to unintended and potentially insecure logic.
CWE-481Assigning instead of ComparingThis flaw occurs when a developer accidentally uses the assignment operator (=) instead of the comparison operator (== or ===). The code assigns a value when it was meant to check for equality, which fundamentally changes the program's logic.
CWE-482Comparing instead of AssigningThis vulnerability occurs when a developer accidentally uses a comparison operator (like '==') where an assignment operator (like '=') was intended, creating a logic error instead of setting a value.
CWE-483Incorrect Block DelimitationThis vulnerability occurs when a developer fails to use explicit braces or delimiters to group multiple statements within a block, leading to unexpected program logic.
CWE-484Omitted Break Statement in SwitchThis vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior.
CWE-486Comparison of Classes by NameThis vulnerability occurs when an application determines an object's trustworthiness or behavior solely by checking its class name. Since multiple classes can share identical names across different packages or classloaders, this comparison can lead to using the wrong, potentially malicious, class.
CWE-487Reliance on Package-level ScopeThis weakness occurs when a Java application mistakenly treats package-level access as a security boundary, assuming it can prevent unauthorized access to code.
CWE-488Exposure of Data Element to Wrong SessionThis vulnerability occurs when an application fails to properly isolate data between different user sessions, allowing information from one user's session to leak into another's.
CWE-489Active Debug CodeThis vulnerability occurs when software is deployed to production with debugging or diagnostic features still enabled and accessible.
CWE-49Path Equivalence: 'filename/' (Trailing Slash)This vulnerability occurs when an application accepts file or directory paths that end with a slash (e.g., 'documents/') without properly normalizing them. This can confuse the system's path resolution logic, potentially allowing an attacker to bypass security checks and access files or directories they shouldn't.
CWE-491Public cloneable() Method Without Final ('Object Hijack')This vulnerability occurs when a class implements a public clone() method without declaring it final. This allows attackers to create copies of objects without invoking their constructors, potentially leaving the cloned object in an inconsistent or insecure state.
CWE-492Use of Inner Class Containing Sensitive DataUsing inner classes to handle sensitive data can unintentionally expose that data because of how Java compiles them. The compiler transforms inner classes into separate, package-visible classes, which can bypass the intended private access restrictions.
CWE-493Critical Public Variable Without Final ModifierThis vulnerability occurs when a security-sensitive variable is declared as public but not marked as final, allowing untrusted code to unexpectedly change its value after initialization.
CWE-494Download of Code Without Integrity CheckThis vulnerability occurs when an application fetches and runs code from an external source—like a remote server or CDN—without properly verifying where it came from or ensuring it hasn't been tampered with.
CWE-495Private Data Structure Returned From A Public MethodThis vulnerability occurs when a public method directly returns a reference to a private, internal data structure. Because the reference is live, external callers can bypass intended controls and modify the data unexpectedly, corrupting the application's state.
CWE-496Public Data Assigned to Private Array-Typed FieldThis vulnerability occurs when a developer stores sensitive data in a private array, but then assigns a publicly accessible reference to that same array. This effectively makes all the private array's contents available to unauthorized code, bypassing intended access controls.
CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereThis vulnerability occurs when an application unintentionally reveals sensitive details about its underlying system, such as file paths, software versions, or environment data, to users who should not have access to that information.
CWE-498Cloneable Class Containing Sensitive InformationThis vulnerability occurs when a class containing sensitive information, such as credentials or personal data, is made cloneable. Attackers can bypass normal initialization and access the sensitive data by creating a copy of the object.
CWE-499Serializable Class Containing Sensitive DataThis vulnerability occurs when a class containing sensitive information, such as credentials or personal data, is left serializable by default. Because the class does not explicitly prevent serialization, its internal data can be accessed and extracted by other parts of the application or external processes.
CWE-5J2EE Misconfiguration: Data Transmission Without EncryptionThis vulnerability occurs when a J2EE application transmits sensitive data, like login credentials or session tokens, across a network without using strong encryption. Attackers monitoring the network can easily intercept, read, or even alter this information if it's sent in plain text or protected by weak cryptographic methods.
CWE-50Path Equivalence: '//multiple/leading/slash'This vulnerability occurs when an application accepts file or directory paths containing multiple leading slashes (like '//multiple/leading/slash') without proper normalization. Attackers can exploit this ambiguity to bypass security checks, potentially accessing files or directories outside the intended scope.
CWE-500Public Static Field Not Marked FinalThis vulnerability occurs when a class exposes a public static field without declaring it as final, allowing unintended modification from anywhere in the application.
CWE-502Deserialization of Untrusted DataThis vulnerability occurs when an application accepts and processes serialized data from an untrusted source without proper validation, allowing an attacker to manipulate the data to execute malicious code or cause unexpected behavior.
CWE-506Embedded Malicious CodeThis vulnerability occurs when an application or codebase contains intentionally harmful code inserted by a developer or third party.
CWE-507Trojan HorseA Trojan Horse vulnerability occurs when software presents itself as legitimate and useful, but secretly contains malicious functionality that bypasses security controls. This hidden code operates without the user's knowledge, violating the intended security policy of the system or its administrator.
CWE-508Non-Replicating Malicious CodeThis type of malicious code is designed to operate only on the specific system it initially infects. Unlike viruses or worms, it does not contain mechanisms to copy itself or spread to other devices or networks.
CWE-509Replicating Malicious Code (Virus or Worm)This weakness describes software that is vulnerable to infection by self-replicating malicious programs like viruses or worms. Once such malware compromises a system, it can use that system as a launchpad to automatically spread and attack others.
CWE-51Path Equivalence: '/multiple//internal/slash'This vulnerability occurs when an application accepts file or directory paths containing multiple consecutive forward slashes (e.g., '/var//www///html') without normalizing them. Attackers can exploit this ambiguity to bypass security checks and access files or directories outside the intended scope.
CWE-510TrapdoorA trapdoor, often called a backdoor, is a hidden piece of code intentionally placed within software. It activates in response to a specific, often secret, input—like a special password or sequence—bypassing standard authentication and authorization checks to grant unauthorized access.
CWE-511Logic/Time BombA logic or time bomb is malicious code intentionally placed within software to trigger harmful actions when a specific condition is met or a predetermined time is reached.
CWE-512SpywareSpyware is software that secretly gathers personal information about a user or their activities. It does this by accessing data from other sources on the system, without the user's direct input or explicit consent.
CWE-514Covert ChannelA covert channel is a hidden communication path that allows data to be transmitted in a way that bypasses the system's intended security controls and monitoring.
CWE-515Covert Storage ChannelA covert storage channel is a type of security flaw where one process secretly encodes data into a shared system resource (like a file, memory bit, or status flag), and another unauthorized process later reads that resource to extract the hidden information.
CWE-52Path Equivalence: '/multiple/trailing/slash//'This vulnerability occurs when an application accepts file or directory paths containing multiple consecutive forward slashes (like '/multiple/trailing/slash//') without normalizing them. Different systems may interpret these duplicate slashes differently, potentially allowing attackers to bypass security checks and access restricted files or directories.
CWE-520.NET Misconfiguration: Use of ImpersonationThis vulnerability occurs when a .NET application is configured to run with impersonation, potentially granting it excessive system-level permissions that attackers could exploit.
CWE-521Weak Password RequirementsThis vulnerability occurs when an application fails to enforce strong password policies, making user accounts easier to compromise through guessing or automated attacks.
CWE-522Insufficiently Protected CredentialsThis vulnerability occurs when an application handles sensitive credentials like passwords or API keys in an insecure way, making them easy for attackers to steal during transmission or while stored.
CWE-524Use of Cache Containing Sensitive InformationThis vulnerability occurs when an application stores sensitive data in a cache that is accessible to unauthorized users or external systems.
CWE-525Use of Web Browser Cache Containing Sensitive InformationThis vulnerability occurs when a web application fails to implement secure caching directives, allowing sensitive user data or pages to be stored in the browser's cache where unauthorized parties could retrieve them.
CWE-526Cleartext Storage of Sensitive Information in an Environment VariableThis vulnerability occurs when an application stores sensitive data, such as passwords or API keys, as plain text in an environment variable.
CWE-53Path Equivalence: '\multiple\\internal\backslash'This vulnerability occurs when an application accepts file paths containing sequences of multiple internal backslashes (like '\multiple\\internal\\backslash') without properly normalizing them. This can confuse the system's path resolution logic, potentially allowing attackers to access files or directories outside the intended scope.
CWE-532Insertion of Sensitive Information into Log FileThis vulnerability occurs when an application unintentionally writes confidential data, such as passwords or API keys, into its log files.
CWE-535Exposure of Information Through Shell Error MessageThis vulnerability occurs when a web application's command shell returns detailed error messages to users. Attackers can analyze these messages to understand the underlying system, identify weaknesses, and potentially gain unauthorized access.
CWE-536Servlet Runtime Error Message Containing Sensitive InformationThis vulnerability occurs when a Java servlet application displays detailed runtime error messages that reveal sensitive information about the application's internal structure, such as stack traces, file paths, or database queries. These unhandled exception details can give attackers critical insights to craft further exploits.
CWE-537Java Runtime Error Message Containing Sensitive InformationThis vulnerability occurs when a Java application's runtime error messages reveal sensitive details about the system, such as file paths, internal IP addresses, or stack traces. Attackers can exploit these overly informative error messages to map the application's structure and gather intelligence for further attacks.
CWE-538Insertion of Sensitive Information into Externally-Accessible File or DirectoryThis vulnerability occurs when an application unintentionally stores confidential data—like passwords, API keys, or personal user details—in a location that is publicly accessible or readable by unauthorized users. Even if the file itself is intended to be available, the sensitive information within it should not be.
CWE-539Use of Persistent Cookies Containing Sensitive InformationThis vulnerability occurs when a web application stores sensitive data, like authentication details or personal information, within persistent cookies that remain on a user's device.
CWE-54Path Equivalence: 'filedir\' (Trailing Backslash)This vulnerability occurs when an application accepts file or directory paths that end with a backslash (like 'filedir\') without properly normalizing or validating them. This trailing backslash can cause the system to interpret the path ambiguously, potentially allowing attackers to bypass security checks and access files or directories outside the intended scope.
CWE-540Inclusion of Sensitive Information in Source CodeThis vulnerability occurs when sensitive information like passwords, API keys, or internal logic is exposed within source code that remains accessible on a web server or in a public repository.
CWE-541Inclusion of Sensitive Information in an Include FileThis vulnerability occurs when sensitive data like passwords or system details is placed inside a publicly accessible include file. Attackers can directly request these files to steal credentials and compromise the application.
CWE-543Use of Singleton Pattern Without Synchronization in a Multithreaded ContextThis vulnerability occurs when a singleton pattern is implemented in a multithreaded application without proper synchronization, potentially leading to multiple instances or corrupted state.
CWE-546Suspicious CommentThis weakness occurs when code contains comments that flag potential issues, such as bugs, security gaps, or unfinished work, which can expose underlying problems or oversights.
CWE-547Use of Hard-coded, Security-relevant ConstantsThis vulnerability occurs when code directly embeds security-critical values like passwords, cryptographic keys, or access levels as raw numbers or strings, instead of using named constants or configuration files. This practice makes the code brittle and error-prone during updates or security reviews.
CWE-548Exposure of Information Through Directory ListingThis vulnerability occurs when a web server is misconfigured to display a full list of files within a directory instead of serving a default web page, unintentionally exposing sensitive resources to anyone who visits the URL.
CWE-549Missing Password Field MaskingThis vulnerability occurs when an application fails to hide password characters as they are typed, making them visible to anyone who can see the screen. This exposes user credentials to onlookers or screen-capturing malware.
CWE-55Path Equivalence: '/./' (Single Dot Directory)This vulnerability occurs when an application accepts file paths containing '/./' (single dot directory) sequences without proper validation. Attackers can exploit this to bypass intended directory structures, potentially accessing sensitive files or navigating to unauthorized locations within the file system.
CWE-550Server-generated Error Message Containing Sensitive InformationThis vulnerability occurs when a web application or server returns detailed error messages that reveal sensitive internal information about the system.
CWE-551Incorrect Behavior Order: Authorization Before Parsing and CanonicalizationThis vulnerability occurs when a web server checks access permissions before fully processing and normalizing a URL, potentially allowing attackers to bypass security controls.
CWE-552Files or Directories Accessible to External PartiesThis vulnerability occurs when an application exposes files or directories to users who shouldn't have access to them.
CWE-553Command Shell in Externally Accessible DirectoryThis vulnerability occurs when a command shell script is placed in a web-accessible directory, such as /cgi-bin/. Attackers can directly request this file to execute arbitrary commands on the server, leading to full system compromise.
CWE-554ASP.NET Misconfiguration: Not Using Input Validation FrameworkThis vulnerability occurs when an ASP.NET application fails to implement a structured input validation framework, relying instead on ad-hoc or missing validation checks.
CWE-555J2EE Misconfiguration: Plaintext Password in Configuration FileA J2EE application insecurely stores an unprotected password within a configuration file.
CWE-556ASP.NET Misconfiguration: Use of Identity ImpersonationThis vulnerability occurs when an ASP.NET application is configured to run using impersonated credentials, which can grant the application excessive and unnecessary system privileges.
CWE-558Use of getlogin() in Multithreaded ApplicationUsing the getlogin() function in a multithreaded application can lead to unreliable or incorrect username results, creating security and logic flaws.
CWE-56Path Equivalence: 'filedir*' (Wildcard)This vulnerability occurs when an application accepts file or directory paths containing an asterisk wildcard ('*') without proper validation. Attackers can exploit this to bypass intended access controls, potentially reading, writing, or executing files in unauthorized locations.
CWE-560Use of umask() with chmod-style ArgumentThis vulnerability occurs when a program incorrectly uses the `umask()` system call with an argument formatted for `chmod()`, leading to unintended and overly permissive file permissions.
CWE-561Dead CodeDead code refers to sections of a program that can never run during normal execution, effectively making them inactive and unreachable.
CWE-562Return of Stack Variable AddressThis vulnerability occurs when a function returns a pointer to its own local variable. Since that variable's memory is on the stack, the pointer becomes invalid as soon as the function finishes, leading to crashes or unpredictable behavior.
CWE-563Assignment to Variable without UseThis vulnerability occurs when a value is stored in a variable, but that variable is never read or used in subsequent code, creating a 'dead store.'
CWE-564SQL Injection: HibernateThis vulnerability occurs when an application uses Hibernate to construct dynamic SQL queries with unsanitized user input, allowing an attacker to alter the query's logic or execute unauthorized SQL commands.
CWE-565Reliance on Cookies without Validation and Integrity CheckingThis vulnerability occurs when an application uses cookies to make security decisions—like granting access or changing settings—but fails to verify that the cookie data is legitimate, unaltered, and belongs to the current user.
CWE-566Authorization Bypass Through User-Controlled SQL Primary KeyThis vulnerability occurs when an application allows a user to directly control the primary key value used in a SQL query, enabling them to access database records they are not authorized to view.
CWE-567Unsynchronized Access to Shared Data in a Multithreaded ContextThis vulnerability occurs when multiple threads in an application can read and modify shared data, like static variables, without proper coordination. This unsynchronized access corrupts data, causes crashes, and leads to unpredictable, often security-critical, behavior.
CWE-568finalize() Method Without super.finalize()This vulnerability occurs when a Java class overrides the finalize() method but fails to call super.finalize() within it.
CWE-57Path Equivalence: 'fakedir/../realdir/filename'This vulnerability occurs when an application uses external input to build file paths, allowing attackers to bypass access controls. By submitting a path like 'fakedir/../realdir/filename', they can navigate out of a restricted directory ('fakedir') and into a protected one ('realdir'), accessing files the security mechanisms were designed to block.
CWE-570Expression is Always FalseThis vulnerability occurs when code contains a conditional expression that can never evaluate to true, causing a section of the program to be permanently unreachable.
CWE-571Expression is Always TrueThis vulnerability occurs when code contains a conditional expression that will always evaluate to 'true', making the check ineffective and potentially bypassing critical security or logic gates.
CWE-572Call to Thread run() instead of start()This vulnerability occurs when a program incorrectly calls a thread's `run()` method directly, instead of using the `start()` method. This mistake causes the thread's code to execute within the caller's current thread, bypassing the creation of a new, concurrent thread of execution.
CWE-573Improper Following of Specification by CallerThis weakness occurs when software fails to properly follow the documented rules, protocols, or requirements of an external component it uses, such as a library, API, framework, or platform.
CWE-574EJB Bad Practices: Use of Synchronization PrimitivesThis vulnerability occurs when an Enterprise JavaBeans (EJB) component improperly uses thread synchronization primitives, violating the EJB specification's design principles.
CWE-575EJB Bad Practices: Use of AWT SwingThis vulnerability occurs when an Enterprise JavaBeans (EJB) component incorrectly uses AWT or Swing UI toolkits, violating the EJB specification's design principles.
CWE-576EJB Bad Practices: Use of Java I/OThis vulnerability occurs when an Enterprise JavaBeans (EJB) component incorrectly uses Java I/O (java.io) operations to access the file system, violating the EJB specification's design principles.
CWE-577EJB Bad Practices: Use of SocketsThis vulnerability occurs when an Enterprise JavaBeans (EJB) component breaks the EJB specification by directly creating or using network sockets.
CWE-578EJB Bad Practices: Use of Class LoaderThis vulnerability occurs when an Enterprise JavaBeans (EJB) component directly manipulates the Java class loader, violating the EJB specification's security and portability rules.
CWE-579J2EE Bad Practices: Non-serializable Object Stored in SessionThis vulnerability occurs when a Java application stores an object in the user's session that cannot be serialized, which can break critical application features and hurt reliability.
CWE-58Path Equivalence: Windows 8.3 FilenameThis vulnerability occurs when an application's security controls successfully block access to a file's full name on Windows, but fail to protect the shorter 8.3 format version of the same filename, creating a bypassable loophole.
CWE-580clone() Method Without super.clone()This vulnerability occurs when a class's clone() method creates a new object directly instead of calling super.clone().
CWE-581Object Model Violation: Just One of Equals and Hashcode DefinedThis vulnerability occurs when a Java class defines either the equals() method or the hashCode() method, but not both, breaking a fundamental contract of object equality.
CWE-582Array Declared Public, Final, and StaticThis vulnerability occurs when an array is declared as public, final, and static, which does not protect the data inside the array from being altered.
CWE-583finalize() Method Declared PublicThis vulnerability occurs when a Java class declares its finalize() method as public, violating secure coding practices for mobile code.
CWE-584Return Inside Finally BlockThis vulnerability occurs when a function places a return statement inside a finally block. This dangerous pattern silently discards any unhandled exceptions thrown earlier in the try block, making errors invisible and undermining application stability.
CWE-585Empty Synchronized BlockAn empty synchronized block is a Java code construct where a synchronized block exists but contains no executable statements inside it.
CWE-586Explicit Call to Finalize()This vulnerability occurs when code directly calls an object's finalize() method from outside its designated finalizer context.
CWE-587Assignment of a Fixed Address to a PointerThis vulnerability occurs when code explicitly assigns a hardcoded memory address to a pointer, instead of using a dynamic or null value.
CWE-588Attempt to Access Child of a Non-structure PointerThis vulnerability occurs when code incorrectly treats a pointer to a basic data type (like an integer) as if it points to a structured object (like a 'struct' in C). The program then tries to access a member field that doesn't exist at that memory location, which can cause crashes or corrupt adjacent data.
CWE-589Call to Non-ubiquitous APIThis vulnerability occurs when software relies on an operating system function that isn't available on all versions of the target platform. This can cause crashes, unexpected behavior, or security failures when the software runs in an environment where the API is missing.
CWE-59Improper Link Resolution Before File Access ('Link Following')This vulnerability occurs when an application uses a filename to access a file but fails to properly check if that name points to a symbolic link, shortcut, or junction. This allows an attacker to manipulate the link's target, causing the application to read or write to an unintended, potentially sensitive location.
CWE-590Free of Memory not on the HeapThis vulnerability occurs when a program calls free() on a memory pointer that wasn't originally allocated using standard heap functions like malloc(), calloc(), or realloc().
CWE-591Sensitive Data Storage in Improperly Locked MemoryThis vulnerability occurs when an application stores sensitive information, like passwords or encryption keys, in system memory that isn't properly secured from being written to disk. If the memory isn't locked, the operating system's virtual memory manager can swap it to a page or swap file, leaving the data exposed on the storage drive where attackers could potentially recover it.
CWE-593Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are CreatedThis vulnerability occurs when an application modifies an OpenSSL context object after it has already been used to create active SSL/TLS connections.
CWE-594J2EE Framework: Saving Unserializable Objects to DiskThis vulnerability occurs when a J2EE application framework attempts to save objects to disk that cannot be properly serialized, risking application failure.
CWE-595Comparison of Object References Instead of Object ContentsThis vulnerability occurs when code incorrectly checks if two object references point to the same memory location, rather than comparing the actual data or values contained within the objects. This mistake prevents the software from correctly identifying when two separate objects hold equivalent content.
CWE-597Use of Wrong Operator in String ComparisonThis vulnerability occurs when a developer incorrectly compares string values, typically by using reference equality operators (like == or !=) instead of dedicated string comparison methods (like .equals()).
CWE-598Use of GET Request Method With Sensitive Query StringsThis vulnerability occurs when a web application handles sensitive data, like passwords or session tokens, by passing them within the URL's query string using an HTTP GET request.
CWE-599Missing Validation of OpenSSL CertificateThis vulnerability occurs when an application uses OpenSSL but fails to properly verify server certificates by not calling SSL_get_verify_result(). Without this validation, the application may accept insecure or fraudulent certificates.
CWE-6J2EE Misconfiguration: Insufficient Session-ID LengthThis vulnerability occurs when a J2EE application uses session identifiers that are too short, making them easier for attackers to predict or capture.
CWE-600Uncaught Exception in Servlet This vulnerability occurs when a Java Servlet fails to properly catch and handle exceptions, potentially exposing sensitive system information in error messages.
CWE-601URL Redirection to Untrusted Site ('Open Redirect')An open redirect vulnerability occurs when a web application uses unvalidated user input to determine the destination of a redirect, allowing an attacker to send users to an untrusted, external website.
CWE-603Use of Client-Side AuthenticationThis vulnerability occurs when an application places its authentication logic solely within the client-side code, such as in a mobile app or web browser, without enforcing the same checks on the server. Attackers can bypass authentication by modifying the client to skip these checks entirely.
CWE-605Multiple Binds to the Same PortThis vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port simultaneously. This can let a malicious process hijack or impersonate legitimate services running on that port.
CWE-606Unchecked Input for Loop ConditionThis vulnerability occurs when an application fails to properly validate or limit user-supplied values that control loop iterations. Without these checks, malicious input can force the program into an endless or excessively long loop, consuming system resources and leading to denial of service or application instability.
CWE-607Public Static Final Field References Mutable ObjectThis vulnerability occurs when a class exposes a public or protected static final field that points to a changeable object. Because the field's reference is constant but the object itself is not, malicious code or even accidental code in other packages can modify the object's contents, violating the intended immutability.
CWE-608Struts: Non-private Field in ActionForm ClassThis vulnerability occurs when an Apache Struts ActionForm class exposes a field without declaring it as private. This allows other parts of the application to directly read or modify the field's data, bypassing the intended setter and getter methods.
CWE-609Double-Checked LockingDouble-checked locking is an insufficient synchronization pattern where a program checks a resource's state, acquires a lock, and checks the state again before initialization, failing to guarantee thread safety across all systems.
CWE-61UNIX Symbolic Link (Symlink) FollowingThis vulnerability occurs when a software application opens files or directories without properly checking if they are symbolic links (symlinks). If an attacker can create or control a symlink, they can redirect file operations to locations outside the intended directory, potentially accessing or modifying unauthorized files.
CWE-611Improper Restriction of XML External Entity ReferenceThis vulnerability occurs when an application processes XML input without properly restricting external entity references. Attackers can exploit this to read local files, trigger internal network requests, or cause denial of service.
CWE-612Improper Authorization of Index Containing Sensitive InformationThis vulnerability occurs when a system indexes sensitive documents for search but fails to properly restrict who can query that index. Attackers can then discover and extract confidential information from the indexed content without having direct access to the original files.
CWE-613Insufficient Session ExpirationInsufficient session expiration occurs when an application allows old session tokens or IDs to remain valid for too long, letting attackers reuse them to gain unauthorized access.
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' AttributeThis vulnerability occurs when a web application transmits sensitive cookies over an HTTPS connection but fails to set the 'Secure' attribute on those cookies.
CWE-615Inclusion of Sensitive Information in Source Code CommentsThis vulnerability occurs when developers leave sensitive details within source code comments. These can include internal file paths, hidden URLs, inactive code snippets, credentials, or other information meant for internal use only.
CWE-616Incomplete Identification of Uploaded File Variables (PHP)This vulnerability occurs in PHP applications that rely on the deprecated, auto-registered global variables for file uploads (like $varname, $varname_size). Because these variables are not properly validated, an attacker can overwrite them to trick the application into processing malicious or unauthorized files.
CWE-617Reachable AssertionA reachable assertion occurs when an attacker can trigger an assert() statement or similar debugging check, causing the application to crash or behave in a more disruptive way than intended. This turns a helpful development tool into a denial-of-service vulnerability.
CWE-618Exposed Unsafe ActiveX MethodThis vulnerability occurs when an ActiveX control, designed for web browsers, exposes methods that bypass the browser's built-in security restrictions. These unsafe methods can perform actions outside the browser's intended security boundaries, such as those defined by zones or domains.
CWE-619Dangling Database Cursor ('Cursor Injection')A dangling database cursor occurs when a database cursor is not properly closed, potentially allowing other users to access it while it retains its original, often elevated, privileges.
CWE-62UNIX Hard LinkThis vulnerability occurs when an application opens a file or directory without verifying if the name points to a hard link that leads outside its intended security boundary. Attackers can exploit this to trick the software into accessing or modifying unauthorized system files.
CWE-620Unverified Password ChangeThis vulnerability occurs when an application allows a user to set a new password without first verifying their identity through the old password or a secure secondary authentication method.
CWE-621Variable Extraction ErrorThis vulnerability occurs when an application uses unvalidated external input to dynamically select which variables to populate with data. Without proper checks, this can allow an attacker to overwrite critical internal variables, leading to unexpected behavior or security breaches.
CWE-622Improper Validation of Function Hook ArgumentsThis vulnerability occurs when an application adds monitoring or interception hooks to critical functions, but fails to properly check the arguments passed to those hooks. This lack of validation can allow attackers to inject malicious data, leading to security bypasses or system compromise.
CWE-623Unsafe ActiveX Control Marked Safe For ScriptingThis vulnerability occurs when an ActiveX control designed for limited use is incorrectly flagged as safe for scripting, allowing web pages to access its potentially dangerous functions.
CWE-624Executable Regular Expression ErrorThis vulnerability occurs when an application uses a regular expression that can execute code, either because it directly contains executable logic with unsafe user input, or because an attacker can inject pattern modifiers that enable code execution.
CWE-625Permissive Regular ExpressionThis weakness occurs when a regular expression is too permissive, failing to properly validate or sanitize input by allowing unintended values or patterns.
CWE-626Null Byte Interaction Error (Poison Null Byte)This vulnerability occurs when software incorrectly processes null bytes (NUL characters) as data moves between different systems or programming languages, leading to unexpected and potentially dangerous behavior.
CWE-627Dynamic Variable EvaluationThis vulnerability occurs when an application allows user input to directly determine which variable or function name is used at runtime. Without strict validation, an attacker can manipulate these names to access or modify sensitive data, execute unauthorized functions, or disrupt the application's logic.
CWE-628Function Call with Incorrectly Specified ArgumentsThis weakness occurs when a function is called with arguments that are incorrectly specified, causing the function to behave in an unintended and consistently wrong manner.
CWE-636Not Failing Securely ('Failing Open')This vulnerability occurs when a system, upon encountering an error or failure, defaults to its least secure configuration instead of a safer alternative. Examples include reverting to the weakest encryption or the most permissive access rules.
CWE-637Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')This weakness occurs when a security feature is implemented with excessive complexity, creating unnecessary risk. Overly intricate protection mechanisms are harder to understand, configure, and implement correctly, often leading to security gaps and misconfigurations.
CWE-638Not Using Complete MediationThis vulnerability occurs when software fails to verify access permissions every single time a user or process tries to use a resource. Instead, it might rely on a single, outdated check, creating a security gap if the user's privileges are later revoked or changed.
CWE-640Weak Password Recovery Mechanism for Forgotten PasswordThis vulnerability occurs when an application's password reset or recovery feature is poorly designed or implemented, allowing attackers to bypass authentication and hijack user accounts.
CWE-641Improper Restriction of Names for Files and Other ResourcesThis vulnerability occurs when an application creates file or resource names using unvalidated user input, failing to properly limit what characters or paths can be used.
CWE-642External Control of Critical State DataThis vulnerability occurs when an application stores security-sensitive state data in locations that unauthorized users can access and modify.
CWE-643Improper Neutralization of Data within XPath Expressions ('XPath Injection')XPath Injection occurs when an application uses unvalidated user input to build an XPath query for an XML database. Without proper sanitization, attackers can manipulate the query's structure.
CWE-644Improper Neutralization of HTTP Headers for Scripting SyntaxThis vulnerability occurs when an application fails to properly sanitize or escape user-controlled data placed within HTTP response headers. Malicious scripting syntax can then be injected and executed by client-side components like Flash that process raw headers.
CWE-646Reliance on File Name or Extension of Externally-Supplied FileThis vulnerability occurs when an application uses the name or extension of an uploaded file to decide how to handle it. Attackers can manipulate this by uploading files with deceptive names, causing the application to process them incorrectly and potentially dangerously.
CWE-647Use of Non-Canonical URL Paths for Authorization DecisionsThis vulnerability occurs when an application's authorization logic relies on specific URL paths but fails to enforce a single, standardized format. Attackers can bypass access controls by using alternative, equivalent URL formats that the system doesn't recognize as the same protected resource.
CWE-648Incorrect Use of Privileged APIsThis vulnerability occurs when software incorrectly uses functions that require special permissions. Attackers can exploit these mistakes to gain unauthorized access, elevate their privileges, or steal sensitive data.
CWE-649Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity CheckingThis vulnerability occurs when an application uses obfuscation or encryption to hide security-sensitive data (like tokens or parameters) but fails to verify whether that data has been altered. Without integrity checks, the system cannot detect if an attacker has tampered with these inputs.
CWE-65Windows Hard LinkThis vulnerability occurs when a Windows application opens a file or directory without properly verifying if the path points to a hard link. An attacker can exploit this by creating a hard link that redirects the application to access files outside its intended permissions, potentially leading to unauthorized data manipulation.
CWE-650Trusting HTTP Permission Methods on the Server SideThis vulnerability occurs when a server incorrectly assumes that HTTP GET requests are always safe and cannot change server-side data. Attackers can exploit this flawed assumption to bypass security controls and perform unauthorized actions like modifying or deleting resources.
CWE-651Exposure of WSDL File Containing Sensitive InformationThis vulnerability occurs when a Web Service Definition Language (WSDL) file, which acts as a public blueprint for a web service, is exposed in a way that reveals sensitive information about the application's internal structure or functionality.
CWE-652Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')XQuery Injection occurs when an application uses unvalidated user input to build an XQuery expression for querying an XML database. Without proper neutralization, an attacker can manipulate the query's structure.
CWE-653Improper Isolation or CompartmentalizationThis vulnerability occurs when an application fails to enforce strong boundaries between components that operate at different security levels, allowing lower-privileged functions to improperly interact with higher-privileged ones.
CWE-654Reliance on a Single Factor in a Security DecisionThis vulnerability occurs when a system's security check depends almost entirely on just one condition, object, or piece of data to decide whether to grant access to sensitive resources or actions. It's like having a single, easily compromised lock on a vault, instead of a layered defense.
CWE-656Reliance on Security Through ObscurityThis weakness occurs when a system's primary defense relies on hiding how it works, rather than using a robust, well-tested security mechanism. If an attacker discovers the hidden details—like a secret algorithm or hardcoded key—the protection fails completely.
CWE-657Violation of Secure Design PrinciplesThis weakness occurs when a system's architecture or design fails to follow fundamental security principles, creating a flawed foundation that can lead to multiple vulnerabilities.
CWE-66Improper Handling of File Names that Identify Virtual ResourcesThis vulnerability occurs when software incorrectly processes a filename that points to a 'virtual' resource—like a device, pipe, or internal system object—instead of a regular file. The application mistakenly performs file operations (like read, write, or copy) on this non-file resource, which can lead to crashes, data exposure, or unexpected system behavior.
CWE-662Improper SynchronizationThis vulnerability occurs when a multi-threaded or multi-process application allows shared resources to be accessed by multiple threads or processes simultaneously, without proper safeguards to enforce exclusive access.
CWE-663Use of a Non-reentrant Function in a Concurrent ContextThis vulnerability occurs when a program uses a function that is not safe for reentrancy within a concurrent environment, such as multi-threaded code or signal handlers. If another thread or signal handler interrupts and calls the same function, it can corrupt shared data, cause crashes, or create unpredictable behavior.
CWE-664Improper Control of a Resource Through its LifetimeThis vulnerability occurs when software fails to properly manage a resource throughout its entire lifecycle—from creation and active use to its final release or destruction.
CWE-665Improper InitializationThis vulnerability occurs when software fails to properly set up a resource before use, or provides incorrect starting values, leaving it in an unpredictable and potentially dangerous state.
CWE-666Operation on Resource in Wrong Phase of LifetimeThis vulnerability occurs when software interacts with a resource—like memory, a file, or a network connection—at an incorrect stage of its existence, leading to crashes, data corruption, or unpredictable behavior.
CWE-667Improper LockingThis vulnerability occurs when a program fails to correctly acquire or release a lock on a shared resource, such as a file, database record, or memory location. This improper synchronization allows other processes or threads to interfere, leading to corrupted data, crashes, or unpredictable behavior.
CWE-668Exposure of Resource to Wrong SphereThis vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have permission to use it.
CWE-669Incorrect Resource Transfer Between SpheresThis vulnerability occurs when an application incorrectly moves or shares a resource (like data, permissions, or functionality) between different trust boundaries or security contexts. This improper transfer can give unintended actors control over that resource, leading to security breaches.
CWE-67Improper Handling of Windows Device NamesThis vulnerability occurs when an application builds file paths from user input but fails to properly recognize or handle Windows reserved device names like AUX, CON, or COM1. Attackers can exploit this by submitting these special names, which typically causes the application to crash, hang, or leak sensitive information when it tries to access them as regular files.
CWE-670Always-Incorrect Control Flow ImplementationThis weakness occurs when a section of code is structured in a way that always executes incorrectly, regardless of input or conditions. The control flow logic is fundamentally flawed and does not match the intended algorithm.
CWE-671Lack of Administrator Control over SecurityThis weakness occurs when a system's built-in security settings cannot be adjusted by its administrator. This prevents tailoring security to the specific deployment environment, forcing the system to operate at a lower or inappropriate security level than required.
CWE-672Operation on a Resource after Expiration or ReleaseThis vulnerability occurs when a program continues to use a resource—like memory, a file handle, or a network connection—after it has been freed, closed, or is no longer valid.
CWE-673External Influence of Sphere DefinitionThe application allows external parties to modify its security boundaries or trusted zones, which should be defined and controlled internally.
CWE-674Uncontrolled RecursionThis vulnerability occurs when an application fails to limit how deeply a function can call itself. Without proper controls, this uncontrolled recursion can exhaust system resources like memory or stack space, leading to crashes or denial-of-service.
CWE-675Multiple Operations on Resource in Single-Operation ContextThis vulnerability occurs when a software component performs the same action on a resource multiple times, even though the action is designed to be executed only once. This redundant execution can lead to unintended side effects, data corruption, or resource exhaustion.
CWE-676Use of Potentially Dangerous FunctionThis vulnerability occurs when code calls a function that can be dangerous if misused, but can also be used safely with proper precautions. The risk lies not in the function itself, but in how it's implemented.
CWE-681Incorrect Conversion between Numeric TypesThis vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses.
CWE-682Incorrect CalculationThis vulnerability occurs when software performs a calculation that produces wrong or unexpected results, which are then used to make security decisions or manage critical resources.
CWE-683Function Call With Incorrect Order of ArgumentsThis vulnerability occurs when a program calls a function but supplies the arguments in the wrong order, which can cause unexpected behavior or security flaws.
CWE-684Incorrect Provision of Specified FunctionalityThis weakness occurs when software behaves differently than its documented specifications, which can mislead users and create security risks.
CWE-685Function Call With Incorrect Number of ArgumentsThis weakness occurs when a program calls a function, method, or subroutine but provides the wrong number of arguments—either too many or too few. This mismatch can cause the program to behave unpredictably, access incorrect memory, or crash, creating a security vulnerability.
CWE-686Function Call With Incorrect Argument TypeThis vulnerability occurs when a program calls a function or method but passes an argument of the wrong data type, which can cause unexpected behavior or security flaws.
CWE-687Function Call With Incorrectly Specified Argument ValueThis vulnerability occurs when a function is called with an argument that holds an incorrect or unexpected value, leading to unintended program behavior or security flaws.
CWE-688Function Call With Incorrect Variable or Reference as ArgumentThis vulnerability occurs when a function is called with the wrong variable or reference passed as an argument. This simple coding mistake can cause the program to behave unpredictably, access incorrect data, or trigger other security flaws.
CWE-689Permission Race Condition During Resource CopyThis vulnerability occurs when a system copies a file or resource but delays setting its final permissions until the entire copy operation is finished. During the copy process, the resource remains exposed with default or overly permissive access, creating a temporary window where unauthorized users or processes could read, modify, or delete it.
CWE-69Improper Handling of Windows ::DATA Alternate Data StreamThis vulnerability occurs when an application fails to properly secure or monitor Windows Alternate Data Streams (ADS), allowing them to be used to hide or bypass security controls.
CWE-690Unchecked Return Value to NULL Pointer DereferenceThis vulnerability occurs when a program calls a function that can return a NULL pointer to signal failure, but the code does not check for this error condition before using the returned value, leading to a crash or unexpected behavior from dereferencing the NULL pointer.
CWE-691Insufficient Control Flow ManagementThis vulnerability occurs when a program's execution flow isn't properly managed, allowing attackers to bypass critical checks, trigger unexpected code paths, or disrupt normal operation.
CWE-693Protection Mechanism FailureThis weakness occurs when software either lacks a necessary security control, implements one that is too weak, or fails to activate an existing control in a critical area, leaving it vulnerable to targeted attacks.
CWE-694Use of Multiple Resources with Duplicate IdentifierThis vulnerability occurs when a system uses multiple resources that can share the same identifier, even though the application logic requires each identifier to be unique.
CWE-695Use of Low-Level FunctionalityThis vulnerability occurs when code bypasses high-level framework controls by directly using low-level system functions, violating the intended security model.
CWE-696Incorrect Behavior OrderThis weakness occurs when a system executes multiple dependent actions in the wrong sequence, leading to unexpected and potentially vulnerable states.
CWE-697Incorrect ComparisonThis weakness occurs when a security-critical decision relies on a flawed comparison between two pieces of data. The incorrect logic can create a gap that attackers exploit to bypass checks or trigger unintended behavior.
CWE-698Execution After Redirect (EAR)Execution After Redirect (EAR) occurs when a web application sends a redirect response to a user's browser but continues to run server-side code, potentially performing unintended actions.
CWE-7J2EE Misconfiguration: Missing Custom Error PageThis vulnerability occurs when a J2EE application uses the server's default error pages instead of custom ones, potentially leaking sensitive system details.
CWE-703Improper Check or Handling of Exceptional ConditionsThis vulnerability occurs when software fails to properly plan for or manage rare but possible error scenarios, leaving it unprepared for unexpected events that can disrupt normal operation.
CWE-704Incorrect Type Conversion or CastThis vulnerability occurs when software incorrectly changes data from one type to another, leading to unexpected behavior or security flaws.
CWE-705Incorrect Control Flow ScopingThis vulnerability occurs when a program fails to return execution to the correct point in the code after finishing a specific operation or handling an error. Instead of resuming normal flow, it may jump to an unintended location, leading to unpredictable behavior or security issues.
CWE-706Use of Incorrectly-Resolved Name or ReferenceThis vulnerability occurs when software uses a name, path, or reference to access a resource, but that identifier points to something outside the area the application is supposed to control, leading to unauthorized access or manipulation.
CWE-707Improper NeutralizationThis vulnerability occurs when an application fails to properly validate or sanitize structured data before it's received from an external source or sent to another component. This allows malformed messages to be processed, which can lead to misinterpretation and security breaches.
CWE-708Incorrect Ownership AssignmentThis vulnerability occurs when a system grants ownership of a resource to an entity that should not have that level of control, placing it outside the intended security boundary.
CWE-710Improper Adherence to Coding StandardsThis weakness occurs when developers don't consistently follow established coding standards and best practices, which can introduce security flaws or make existing vulnerabilities more severe.
CWE-72Improper Handling of Apple HFS+ Alternate Data Stream PathThis vulnerability occurs when software fails to correctly process HFS+ file system paths that point to alternate data streams, such as a file's data or resource fork.
CWE-73External Control of File Name or PathThis vulnerability occurs when an application uses unvalidated user input to construct file or directory paths for filesystem operations.
CWE-732Incorrect Permission Assignment for Critical ResourceThis vulnerability occurs when a system grants overly permissive access to a sensitive resource, allowing unauthorized users or processes to read or alter it.
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')This vulnerability occurs when an application uses untrusted external input to build a command, query, or data structure for another component, but fails to properly sanitize special characters or syntax. This allows the input to alter the intended meaning or behavior when the downstream component processes it.
CWE-749Exposed Dangerous Method or FunctionThis vulnerability occurs when a software component exposes an API or interface containing a high-risk function that lacks proper access controls, allowing unauthorized actors to trigger it.
CWE-75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)This vulnerability occurs when an application fails to properly filter or encode user-supplied data containing special characters or commands that can be interpreted in a different context, such as a command shell, file system, or data format.
CWE-754Improper Check for Unusual or Exceptional ConditionsThis weakness occurs when software fails to properly anticipate and handle rare or unexpected runtime situations that fall outside normal operation.
CWE-755Improper Handling of Exceptional ConditionsThis vulnerability occurs when software fails to properly manage unexpected situations or errors, leaving it in an unstable or insecure state.
CWE-759Use of a One-Way Hash without a SaltThis vulnerability occurs when a system uses a one-way hash function (like MD5 or SHA-256) to protect sensitive data like passwords, but fails to add a unique random value called a salt before hashing.
CWE-76Improper Neutralization of Equivalent Special ElementsThis vulnerability occurs when an application successfully blocks or sanitizes a known set of dangerous inputs but fails to recognize and handle alternative forms that have the same meaning or effect.
CWE-760Use of a One-Way Hash with a Predictable SaltThis vulnerability occurs when an application uses a one-way hash (like for password storage) but combines it with a predictable or easily guessed salt. This undermines the security benefit of salting, making pre-computed attack methods like rainbow tables highly effective.
CWE-761Free of Pointer not at Start of BufferThis vulnerability occurs when a program incorrectly frees a memory pointer that no longer points to the beginning of the allocated heap buffer, often due to pointer arithmetic.
CWE-762Mismatched Memory Management RoutinesThis vulnerability occurs when a program uses incompatible functions to allocate and free memory. For example, freeing memory with a function that doesn't match the one used to create it, like mixing different memory management systems.
CWE-763Release of Invalid Pointer or ReferenceThis vulnerability occurs when a program tries to free a memory resource back to the system but uses an incorrect deallocation method or calls the correct method improperly.
CWE-764Multiple Locks of a Critical ResourceThis vulnerability occurs when a critical resource, such as a file, data structure, or connection, is locked more times than the software logic intended, putting the system into an unstable or unresponsive state.
CWE-765Multiple Unlocks of a Critical ResourceThis vulnerability occurs when a critical resource, like a lock or semaphore, is unlocked more times than it was locked, putting the system into an unexpected and potentially unstable state.
CWE-766Critical Data Element Declared PublicThis vulnerability occurs when a critical piece of data—like a variable, field, or class member—is mistakenly declared as public when it should be kept private according to the application's security design.
CWE-767Access to Critical Private Variable via Public MethodThis vulnerability occurs when a class exposes a public method that directly accesses or alters a private variable.
CWE-768Incorrect Short Circuit EvaluationThis vulnerability occurs when a program's conditional statement uses short-circuit evaluation (where later parts of an AND/OR check are skipped if the outcome is already determined), and the skipped portions contain code that changes the program's state. Because these side effects—like updating a variable, checking a permission, or logging an event—are never executed, the application can enter an unexpected and potentially insecure state.
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')This vulnerability occurs when an application builds a system command using untrusted user input without properly sanitizing it. An attacker can inject their own commands by inserting special characters or code, tricking the application into executing unintended and potentially harmful actions on the underlying system.
CWE-770Allocation of Resources Without Limits or ThrottlingThis vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of it as a buffet with no rules on how much one person can take, eventually leaving nothing for others and causing the system to fail.
CWE-771Missing Reference to Active Allocated ResourceThis vulnerability occurs when software loses track of a resource it has allocated, like memory or a file handle, preventing the system from properly releasing it back for future use.
CWE-772Missing Release of Resource after Effective LifetimeThis vulnerability occurs when a program fails to properly release a system resource—like memory, file handles, or network sockets—after it is no longer needed. This leads to a gradual accumulation of unused resources, known as a resource leak.
CWE-773Missing Reference to Active File Descriptor or HandleThis vulnerability occurs when a program fails to keep track of open files or resources, preventing the system from properly closing and reclaiming them.
CWE-774Allocation of File Descriptors or Handles Without Limits or ThrottlingThis vulnerability occurs when an application creates file descriptors or handles for a user or process without enforcing any limits on the total number that can be opened.
CWE-775Missing Release of File Descriptor or Handle after Effective LifetimeThis vulnerability occurs when a program fails to properly close file descriptors or handles after they are no longer needed, leaving these system resources allocated.
CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')This vulnerability occurs when an XML parser allows Document Type Definitions (DTDs) to contain recursively defined entities without proper limits, enabling malicious data structures.
CWE-777Regular Expression without AnchorsThis vulnerability occurs when a regular expression used for validation or sanitization lacks anchors, allowing unintended characters or malicious payloads to bypass security checks.
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')OS Command Injection occurs when an application builds a system command using untrusted, external input without properly sanitizing it. This allows an attacker to inject and execute arbitrary commands on the underlying operating system.
CWE-780Use of RSA Algorithm without OAEPThis vulnerability occurs when an application implements RSA encryption but fails to use Optimal Asymmetric Encryption Padding (OAEP), significantly weakening the cryptographic protection.
CWE-781Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control CodeThis vulnerability occurs when a Windows driver defines an IOCTL using METHOD_NEITHER but fails to properly check the user-supplied memory addresses before using them.
CWE-782Exposed IOCTL with Insufficient Access ControlThis vulnerability occurs when a system exposes an IOCTL (Input/Output Control) interface that performs sensitive operations, but fails to implement proper checks to verify which users or processes are allowed to call it.
CWE-783Operator Precedence Logic ErrorThis vulnerability occurs when a developer writes a conditional expression where the intended logic is broken due to misunderstanding or misapplying the rules of operator precedence.
CWE-784Reliance on Cookies without Validation and Integrity Checking in a Security DecisionThis vulnerability occurs when an application makes security decisions—like granting access or verifying identity—based solely on cookie data without first confirming the cookie's authenticity or integrity.
CWE-785Use of Path Manipulation Function without Maximum-sized BufferThis vulnerability occurs when a program uses a path manipulation function but supplies an output buffer that is too small to hold the maximum possible path length, such as PATH_MAX.
CWE-787Out-of-bounds WriteThis vulnerability occurs when software incorrectly writes data outside the boundaries of its allocated memory buffer, either beyond the end or before the beginning.
CWE-789Memory Allocation with Excessive Size ValueThis vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')This vulnerability occurs when a web application fails to properly sanitize or encode user-supplied input before displaying it on a webpage viewed by other users.
CWE-790Improper Filtering of Special ElementsThis vulnerability occurs when an application accepts data from a source but fails to properly sanitize or incorrectly filters out special characters or control elements before passing that data to another system component.
CWE-791Incomplete Filtering of Special ElementsThis vulnerability occurs when an application accepts data from a source but fails to properly clean or neutralize all special characters or commands before passing that data to another system component.
CWE-792Incomplete Filtering of One or More Instances of Special ElementsThis vulnerability occurs when an application receives external data but fails to properly neutralize all instances of potentially dangerous characters or code patterns before passing that data to another system component.
CWE-793Only Filtering One Instance of a Special ElementThis vulnerability occurs when an application processes incoming data but only removes or neutralizes one occurrence of a dangerous element, leaving other identical or similar elements untouched before passing the data along.
CWE-794Incomplete Filtering of Multiple Instances of Special ElementsThis vulnerability occurs when an application receives data from a source but fails to remove or neutralize every instance of a potentially dangerous element before passing that data to another component.
CWE-795Only Filtering Special Elements at a Specified LocationThis vulnerability occurs when a security filter only checks for dangerous input patterns at specific, predefined locations within the data. It fails to scan the entire input stream, allowing malicious elements that appear outside the expected location to pass through and potentially harm downstream components.
CWE-796Only Filtering Special Elements Relative to a MarkerThis vulnerability occurs when software filters dangerous inputs or characters, but only checks for them in specific, expected locations (like the start or end of a string). It fails to detect and remove the same dangerous elements if they appear elsewhere in the data, allowing them to pass through to critical system components.
CWE-797Only Filtering Special Elements at an Absolute PositionThis vulnerability occurs when software checks for dangerous characters or patterns only at a fixed, hardcoded location in input data. Because it ignores these same elements if they appear anywhere else, attackers can bypass the filter by simply moving the malicious content to a different position.
CWE-799Improper Control of Interaction FrequencyThis vulnerability occurs when an application fails to properly restrict how often or how many times a user or automated system can interact with it.
CWE-8J2EE Misconfiguration: Entity Bean Declared RemoteThis vulnerability occurs when an Entity Bean in a J2EE application is incorrectly configured with a remote interface. This exposes data access methods to remote clients, allowing unauthorized users to potentially read sensitive information or manipulate data outside the application's intended security boundaries.
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)This vulnerability, commonly known as Basic Cross-Site Scripting (XSS), occurs when a web application fails to properly sanitize user input containing HTML and JavaScript tags. When untrusted data containing characters like <, >, and & is rendered directly into a webpage, a browser may execute it as active code, not just display it as text.
CWE-804Guessable CAPTCHAThis vulnerability occurs when a CAPTCHA challenge is too easy for automated bots to solve, either by guessing or using pattern recognition, allowing them to bypass the human verification step.
CWE-805Buffer Access with Incorrect Length ValueThis vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries.
CWE-806Buffer Access Using Size of Source BufferThis vulnerability occurs when a program uses the size of the source data buffer to control reading or writing to a smaller destination buffer, potentially accessing memory outside the destination's allocated bounds.
CWE-807Reliance on Untrusted Inputs in a Security DecisionThis vulnerability occurs when an application's security check depends on user-controlled data that can be manipulated to bypass protection mechanisms, such as authentication or authorization gates.
CWE-81Improper Neutralization of Script in an Error Message Web PageThis vulnerability occurs when an application fails to properly sanitize user-supplied input before displaying it within an error message web page. If special characters used in web scripts are not neutralized, an attacker can inject malicious code that executes in a user's browser.
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web PageThis vulnerability occurs when a web application fails to properly sanitize or escape script code within the attributes of HTML IMG tags, such as the 'src' attribute.
CWE-827Improper Control of Document Type DefinitionThis vulnerability occurs when an application fails to properly restrict which Document Type Definitions (DTDs) can be referenced during XML parsing. Attackers can exploit this by injecting references to malicious DTDs, potentially leading to unauthorized file access, server-side request forgery (SSRF), or denial-of-service through resource exhaustion.
CWE-829Inclusion of Functionality from Untrusted Control SphereThis weakness occurs when an application integrates executable code, like a library or plugin, from a source it does not fully control or trust.
CWE-83Improper Neutralization of Script in Attributes in a Web PageThis vulnerability occurs when a web application fails to properly sanitize or block JavaScript URIs (like 'javascript:') within HTML tag attributes. Attackers can inject malicious code into attributes such as onmouseover, onload, onerror, or style, leading to cross-site scripting (XSS) attacks when the page renders.
CWE-830Inclusion of Web Functionality from an Untrusted SourceThis vulnerability occurs when a web application directly imports and executes functionality, like a widget or script, from an external, untrusted domain. Because the imported code runs within your application's own security context (origin), it gains the same level of access to user data and the DOM as your own code, potentially giving the third party full control.
CWE-836Use of Password Hash Instead of Password for AuthenticationThis vulnerability occurs when an application's authentication system accepts a password hash directly from the client for verification, instead of receiving and hashing the plaintext password on the server.
CWE-84Improper Neutralization of Encoded URI Schemes in a Web PageThis vulnerability occurs when a web application fails to properly sanitize user-supplied input that contains malicious scripts disguised using encoded URI schemes like `javascript:` or `data:`.
CWE-841Improper Enforcement of Behavioral WorkflowThis weakness occurs when an application requires a user to follow a specific sequence of actions, but fails to enforce that order. Attackers can exploit this by skipping steps, performing actions out of sequence, or interrupting the flow, which can corrupt the business logic or put the system into an invalid state.
CWE-842Placement of User into Incorrect GroupThis vulnerability occurs when a system or administrator assigns a user to the wrong security group or role.
CWE-843Access of Resource Using Incompatible Type ('Type Confusion')Type confusion occurs when a program creates a resource—like a pointer, object, or variable—with one data type, but later incorrectly accesses it as a different, incompatible type.
CWE-85Doubled Character XSS ManipulationsThis vulnerability occurs when a web application fails to properly sanitize user input that contains doubled characters, allowing attackers to bypass filters and inject malicious scripts.
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web PagesThis vulnerability occurs when an application fails to properly filter or escape invalid characters within web identifiers like HTML tag names or URI schemes, allowing malicious sequences to pass through.
CWE-862Missing AuthorizationThis vulnerability occurs when an application fails to verify whether a user has permission to access specific data or execute certain actions before allowing the request to proceed.
CWE-863Incorrect AuthorizationThis vulnerability occurs when an application checks if a user is allowed to perform an action or access data, but the check is flawed or incomplete, allowing unauthorized access.
CWE-87Improper Neutralization of Alternate XSS SyntaxThis vulnerability occurs when an application fails to properly sanitize user-supplied input that uses alternative methods to execute cross-site scripting (XSS) attacks.
CWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')This vulnerability occurs when an application builds a command string for execution by another component, but fails to properly separate or 'neutralize' the intended arguments. This allows an attacker to inject additional command-line arguments, options, or switches by including argument-separating characters (like spaces or dashes) in untrusted input.
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')SQL Injection occurs when an application builds a database query using untrusted user input without properly sanitizing it. This allows an attacker to insert malicious SQL code that the database executes, potentially letting them view, modify, or delete sensitive data.
CWE-9J2EE Misconfiguration: Weak Access Permissions for EJB MethodsThis vulnerability occurs when Enterprise JavaBean (EJB) methods are configured with overly permissive access rights, allowing attackers to exploit elevated privileges they should not have.
CWE-90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')This vulnerability occurs when an application builds an LDAP query using untrusted user input without properly sanitizing it. An attacker can inject special characters or commands to alter the query's logic, potentially gaining unauthorized access to, modifying, or extracting sensitive directory information.
CWE-908Use of Uninitialized ResourceThis vulnerability occurs when software attempts to use a resource—like memory, a file handle, or an object—before it has been properly set up or assigned a valid starting state.
CWE-909Missing Initialization of ResourceThe software fails to properly set up a critical resource before using it.
CWE-91XML Injection (aka Blind XPath Injection)XML Injection occurs when an application fails to properly validate or escape user-controlled input before including it in XML documents or queries. This allows attackers to inject malicious XML elements or syntax, potentially altering the document's structure, extracting sensitive data, or disrupting processing logic.
CWE-910Use of Expired File DescriptorThis vulnerability occurs when a program attempts to use a file descriptor after it has been closed, treating it as if it were still valid.
CWE-911Improper Update of Reference CountThis vulnerability occurs when a program uses a reference counter to track resource usage but fails to update the count correctly, either by missing an update or applying an incorrect value.
CWE-912Hidden FunctionalityHidden functionality refers to undocumented features, commands, or code within a product that are not part of its official specification and are not obvious to users or administrators.
CWE-913Improper Control of Dynamically-Managed Code ResourcesThis vulnerability occurs when an application fails to properly secure access to code resources that can be created or altered at runtime, such as variables, functions, or objects.
CWE-914Improper Control of Dynamically-Identified VariablesThis vulnerability occurs when an application fails to properly secure access to variables whose names are determined at runtime, allowing attackers to read or modify data they shouldn't have access to.
CWE-915Improperly Controlled Modification of Dynamically-Determined Object AttributesThis vulnerability occurs when an application accepts user input that specifies which object attributes or fields to create or update, but fails to restrict which specific attributes can be changed. Attackers can exploit this to modify sensitive internal properties they shouldn't have access to.
CWE-917Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')Expression Language Injection occurs when an application uses untrusted, external input to build an expression language statement—common in frameworks like Java Server Pages (JSP)—without properly sanitizing it. This allows an attacker to inject malicious expressions that alter the intended logic and execute arbitrary code when the statement is processed.
CWE-918Server-Side Request Forgery (SSRF)Server-Side Request Forgery (SSRF) occurs when a web application fetches a remote resource based on user-controlled input, but fails to properly validate or restrict where those requests are sent. This allows an attacker to trick the server into making unauthorized connections to internal systems or external domains.
CWE-922Insecure Storage of Sensitive InformationThis vulnerability occurs when an application stores sensitive data—like credentials, personal information, or encryption keys—without enforcing proper access controls, allowing unauthorized users to read or modify it.
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')This vulnerability occurs when an application uses carriage return and line feed characters (CRLF) to structure data, like separating lines or records, but fails to properly sanitize these sequences from user-supplied input before processing.
CWE-939Improper Authorization in Handler for Custom URL SchemeThis vulnerability occurs when an app implements a custom URL scheme handler but fails to properly verify which other apps or sources are allowed to trigger it.
CWE-94Improper Control of Generation of Code ('Code Injection')This vulnerability occurs when an application builds executable code using unvalidated external input, such as user data. Because the application fails to properly filter or escape this input, an attacker can inject special characters or commands that alter the intended code's logic or syntax.
CWE-940Improper Verification of Source of a Communication ChannelThis vulnerability occurs when an application accepts incoming communication requests without properly checking where they originate from, allowing potentially malicious sources to establish a connection.
CWE-941Incorrectly Specified Destination in a Communication ChannelThis vulnerability occurs when an application establishes an outgoing communication channel but fails to correctly define or enforce the intended recipient. This misdirection can allow data to be sent to an untrusted or malicious destination.
CWE-942Permissive Cross-domain Security Policy with Untrusted DomainsThis vulnerability occurs when a web application's cross-domain security policy, like a Content Security Policy (CSP), explicitly allows communication with untrusted or overly permissive external domains.
CWE-943Improper Neutralization of Special Elements in Data Query LogicThis vulnerability occurs when an application builds a query for a data store (like a database) but fails to properly sanitize user-controlled input. This allows an attacker to inject special elements that change the query's intended logic, potentially accessing or manipulating data in unauthorized ways.
CWE-95Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')This vulnerability occurs when an application takes user input and passes it directly into a dynamic code execution function, like eval(), without properly sanitizing it. This allows an attacker to inject and execute arbitrary code within the application's context.
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')Static Code Injection occurs when an application incorporates unvalidated or improperly sanitized user input directly into a static, executable resource like a configuration file, template, or library. Because this input is saved and later executed, it allows an attacker to inject malicious code that becomes a permanent part of the application's logic.
CWE-97Improper Neutralization of Server-Side Includes (SSI) Within a Web PageThis vulnerability occurs when a web application dynamically generates pages but fails to properly sanitize user-supplied input that could be interpreted as server-side include (SSI) commands, allowing an attacker to inject malicious directives.
CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')This vulnerability occurs when a PHP application uses unvalidated or insufficiently restricted user input directly within file inclusion functions like require() or include().
CWE-99Improper Control of Resource Identifiers ('Resource Injection')This vulnerability occurs when an application accepts user input as a resource identifier (like a file path or port number) without proper validation, allowing an attacker to access or manipulate resources outside the intended scope.
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.