CWE - Common Weakness Enumeration Common Weakness Enumeration A community-developed list of SW & HW weaknesses that

CWE - Contribute Weakness Content to CWE Common Weakness Enumeration A community-developed list of SW

CWE - CWE-1000: Research Concepts (4.18) Common Weakness Enumeration A community-developed list of SW &

CWE - CWE-1000: Research Concepts (4.17) Common Weakness Enumeration A community-developed list of SW &

CWE - CWE-284: Improper Access Control (4.17) Common Weakness Enumeration A community-developed list of SW

Elements in Output Used by a Downstream Component ('Injection') (4.17) Common Weakness Enumeration A community

CWE - CWE-284: Improper Access Control (4.18) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-352: Cross-Site Request Forgery (CSRF) (4.17) Common Weakness Enumeration A community-developed list of

CWE - CWE-138: Improper Neutralization of Special Elements (4.17) Common Weakness Enumeration A community-developed list

CWE - CWE-471: Modification of Assumed-Immutable Data (MAID) (4.17) Common Weakness Enumeration A community-developed

Special Elements used in an Expression Language Statement ('Expression Language Injection') (4.17) Common Weakness Enumeration A community

types colored as specified below. Research View with Abstractions Highlighted Weakness Pillar Weakness Class Weakness Base Weakness Variant Compound Elements The

CWE-1349: CWE CATEGORY: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration (4.17) Common Weakness Enumeration A community

of Special Elements used in an SQL Command ('SQL Injection') (4.17) Common Weakness Enumeration A community

of Script in Attributes in a Web Page (4.17) Common Weakness Enumeration A community

CWE - CWE-476: NULL Pointer Dereference (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-399: CWE CATEGORY: Resource Management Errors (4.17) Common Weakness Enumeration A community-developed list of

to Sanitize Special Elements into a Different Plane (Special Element Injection) (4.17) Common Weakness Enumeration A community

CWE-635: Weaknesses Originally Used by NVD from 2008 to 2016 (4.17) Common Weakness Enumeration A community

CWE - CWE-190: Integer Overflow or Wraparound (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-285: Improper Authorization (4.17) Common Weakness Enumeration A community-developed list of SW &

200: Exposure of Sensitive Information to an Unauthorized Actor (4.17) Common Weakness Enumeration A community

of Special Elements used in an SQL Command ('SQL Injection') (4.18) Common Weakness Enumeration A community

CWE - CWE-23: Relative Path Traversal (4.17) Common Weakness Enumeration A community-developed list of SW

CWE-1188: Initialization of a Resource with an Insecure Default (4.17) Common Weakness Enumeration A community

CWE - CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (4.17) Common Weakness Enumeration A community

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.17) Common Weakness Enumeration A community

CWE - CWE-288: Authentication Bypass Using an Alternate Path or Channel (4.17) Common Weakness Enumeration A community-developed

CWE - CWE-91: XML Injection (aka Blind XPath Injection) (4.17) Common Weakness Enumeration A community-developed list of

Controlled Reference to a Resource in Another Sphere (4.17) Common Weakness Enumeration A community

CWE - CWE-400: Uncontrolled Resource Consumption (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-99: Improper Control of Resource Identifiers ('Resource Injection') (4.17) Common Weakness Enumeration A community

CWE - CWE-87: Improper Neutralization of Alternate XSS Syntax (4.17) Common Weakness Enumeration A community-developed

Neutralization of Server-Side Includes (SSI) Within a Web Page (4.17) Common Weakness Enumeration A community

CWE - CWE-453: Insecure Default Variable Initialization (4.17) Common Weakness Enumeration A community-developed list of SW

of Invalid Characters in Identifiers in Web Pages (4.17) Common Weakness Enumeration A community

CWE - CWE-918: Server-Side Request Forgery (SSRF) (4.17) Common Weakness Enumeration A community-developed list of

CWE - CWE-85: Doubled Character XSS Manipulations (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-184: Incomplete List of Disallowed Inputs (4.17) Common Weakness Enumeration A community-developed list

Neutralization of Script in an Error Message Web Page (4.17) Common Weakness Enumeration A community

Neutralization of Directives in Statically Saved Code ('Static Code Injection') (4.17) Common Weakness Enumeration A community

CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') (4.17) Common Weakness Enumeration A community

of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (4.17) Common Weakness Enumeration A community

of Special Elements used in a Command ('Command Injection') (4.17) Common Weakness Enumeration A community

Script-Related HTML Tags in a Web Page (Basic XSS) (4.17) Common Weakness Enumeration A community

CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') (4.17) Common Weakness Enumeration A community

of Special Elements used in an LDAP Query ('LDAP Injection') (4.17) Common Weakness Enumeration A community

CWE - CWE-116: Improper Encoding or Escaping of Output (4.17) Common Weakness Enumeration A community-developed

94: Improper Control of Generation of Code ('Code Injection') (4.17) Common Weakness Enumeration A community

CWE - CWE-16: CWE CATEGORY: Configuration (4.18) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-452: CWE CATEGORY: Initialization and Cleanup Errors (4.17) Common Weakness Enumeration A community-developed

Neutralization of Encoded URI Schemes in a Web Page (4.17) Common Weakness Enumeration A community

644: Improper Neutralization of HTTP Headers for Scripting Syntax (4.17) Common Weakness Enumeration A community

of Special Elements used in an OS Command ('OS Command Injection') (4.17) Common Weakness Enumeration A community

Neutralization of Argument Delimiters in a Command ('Argument Injection') (4.17) Common Weakness Enumeration A community

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.18) Common Weakness Enumeration A community

CWE - CWE-1224: Improper Restriction of Write-Once Bit Fields (4.17) Common Weakness Enumeration A community

CWE - CWE-564: SQL Injection: Hibernate (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-20: Improper Input Validation (4.17) Common Weakness Enumeration A community-developed list of SW

CWE - CWE-1419: Incorrect Initialization of Resource (4.17) Common Weakness Enumeration A community-developed list of

CWE-1222: Insufficient Granularity of Address Regions Protected by Register Locks (4.17) Common Weakness Enumeration A community

of Special Elements used in an OS Command ('OS Command Injection') (4.18) Common Weakness Enumeration A community

CWE - CWE-16: CWE CATEGORY: Configuration (4.17) Common Weakness Enumeration A community-developed list of SW

of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (4.17) Common Weakness Enumeration A community

CWE - New to CWE Common Weakness Enumeration A community-developed list of SW & HW

CWE - CWE-1220: Insufficient Granularity of Access Control (4.17) Common Weakness Enumeration A community-developed list

1191: On-Chip Debug and Test Interface With Improper Access Control (4.17) Common Weakness Enumeration A community

CWE - VIEW SLICE: CWE-1000: Research Concepts (4.17) Common Weakness Enumeration A community-developed list of SW

CWE-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities (4.17) Common Weakness Enumeration A community

CWE - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (4.17) Common Weakness Enumeration A community

CWE - About CWE Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - CWE-933: CWE CATEGORY: OWASP Top Ten 2013 Category A5 - Security Misconfiguration (4.17) Common Weakness Enumeration A community

CWE - CWE List Version 4.17 Common Weakness Enumeration A community-developed list of SW & HW

CWE - About - CWE History Common Weakness Enumeration A community-developed list of SW & HW weaknesses that

Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (4.17) Common Weakness Enumeration A community

CWE - CVE → CWE Mapping "Root Cause Mapping" Guidance Common Weakness Enumeration A community-developed list of SW

a set of other entries that share a common characteristic. Pillar Weakness – Highest-level weakness that

CWE - CWE-1032: CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration (4.17) Common Weakness Enumeration A community

for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (4.17) Common Weakness Enumeration A community

Slice Special Element Sphere of Control Technology Technology-Specific Trailing Trigger Point Unexpected Variant Weakness View Vulnerability Weakness Back

CWE - Podcast Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - User Stories Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - CWE Board Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - CWE-1194: Hardware Design (4.17) Common Weakness Enumeration A community-developed list of SW &

CWE - 2023 CWE Top 10 KEV Weaknesses Common Weakness Enumeration A community-developed list of SW &

CWE - CWE-100: CWE CATEGORY: DEPRECATED: Technology-Specific Input Validation Problems (4.17) Common Weakness Enumeration A community-developed

CWE - CWE-699: Software Development (4.17) Common Weakness Enumeration A community-developed list of SW &

CWE - CVE → CWE "Root Cause Mapping" Quick Tips Common Weakness Enumeration A community-developed list of SW

CWE - Downloads Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

Does the weakness require hardware modifications to mitigate it? How frequently is this weakness detected during design? How

CWE - Documents Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

since the inability to cause significant harm by exploiting a weakness means that weakness should

CWE - Archive Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - CWE Capability Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - Search the CWE Web Site Common Weakness Enumeration A community-developed list of SW

CWE - CVE → CWE Mapping Guidance - Examples Common Weakness Enumeration A community-developed list of SW & HW

CWE - A Discussion List Sign-Up Common Weakness Enumeration A community-developed list of SW

CWE - Community Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - Reports Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can

CWE - Archive Common Weakness Enumeration A community-developed list of SW & HW weaknesses that can