Tipos de falha

CWE-79 · XSS (CWE-79)25.980 CWE-89 · Unauthenticated SQL injection (CWE-89)11.496 CWE-862 · The software does not perform an authorization check when an actor attempts to access a resource or perform an action.6.679 CWE-352 · The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.5.662 CWE-22 · The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.4.653 CWE-20 · The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.4.566 CWE-787 · OUT-OF-BOUNDS WRITE CWE-7874.447 CWE-284 · The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.4.335 CWE-125 · OUT-OF-BOUNDS READ CWE-1254.244 CWE-74 · Injection4.124 CWE-416 · USE AFTER FREE CWE-416 (CVE-2019-13510)3.990 CWE-200 · The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.3.859 CWE-78 · The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.3.752 CWE-94 · Script injection3.706 CWE-121 · Stack buffer overflow (CWE-121)3.413 CWE-119 · Memory Corruption - Generic (CWE-119)2.920 CWE-120 · Execute unauthorized code or commands2.893 CWE-434 · UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-4342.782 CWE-77 · The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.2.513 CWE-400 · UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-4002.364 CWE-122 · Heap Overflow (CWE-122)2.327 CWE-502 · The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.2.197 CWE-918 · The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.2.119 CWE-476 · Remote authenticated null dereference (CWE-476)2.103 CWE-863 · The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.2.054 CWE-287 · When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.1.825 CWE-269 · The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.1.772 CWE-306 · The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.1.687 CWE-639 · The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.1.501 CWE-770 · The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.1.308 CWE-190 · INTEGER OVERFLOW OR WRAPAROUND CWE-1901.282 CWE-285 · The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.1.280 CWE-98 · Remote File Inclusion (CWE-98)1.230 CWE-601 · URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601987 CWE-266 · Incorrect Privilege Assignment938 CWE-276 · INCORRECT DEFAULT PERMISSIONS CWE-276904 CWE-427 · Uncontrolled Search Path or Element841 CWE-362 · Race Condition (CWE-362), Classic Buffer Overflow (CWE-120)820 CWE-798 · USE OF HARD-CODED CREDENTIALS CWE-798819 CWE-532 · Sensitive Information in Log Files741 CWE-732 · The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.686 CWE-295 · Information disclosure672 CWE-59 · Link Following613 CWE-404 · IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404598 CWE-288 · Improper access control579 CWE-401 · Missing Release of Memory after Effective Lifetime576 CWE-611 · XXE CWE-611571 CWE-522 · INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522550 CWE-693 · PROTECTIONS MECHANISM FAILURE CWE-693548 CWE-843 · Type Confusion548 CWE-80 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)543 CWE-367 · Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)502 CWE-319 · The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.487 CWE-347 · Information disclosure463 CWE-290 · This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.460 CWE-73 · Improper access control457 CWE-126 · Stack buffer over-read (CWE-126)449 CWE-23 · The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory.420 CWE-307 · IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307409 CWE-754 · The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.407 CWE-312 · Information disclosure406 CWE-613 · Session Expiration383 CWE-346 · ORIGIN VALIDATION ERROR CWE-346372 CWE-617 · Reachable Assertion (CWE-617)371 CWE-209 · Information Exposure Through Error Message370 CWE-345 · Insufficient Verification of Data Authenticity (CWE-345)365 CWE-327 · USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327357 CWE-428 · UNQUOTED SEARCH PATH OR ELEMENT CWE-428348 CWE-1333 · The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.336 CWE-497 · Information disclosure334 CWE-201 · Insertion of Sensitive Information Into Sent Data329 CWE-250 · EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250328 CWE-552 · Files or Directories Accessible to External Parties (CWE-552)327 CWE-835 · The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.323 CWE-311 · MISSING ENCRYPTION OF SENSITIVE DATA CWE-311301 CWE-1321 · Prototype Pollution300 CWE-321 · USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321298 CWE-203 · Observable Discrepancy293 CWE-415 · Execute unauthorized code or commands291 CWE-191 · INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191291 CWE-264 · Privileges, and Access Control [CWE-264]284 CWE-426 · UNTRUSTED SEARCH PATH CWE-426281 CWE-116 · Improper Encoding or Escaping of Output (CWE-116), Improper Handling of Unicode Encoding (CWE-176)279 CWE-922 · INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922278 CWE-129 · IMPROPER VALIDATION OF ARRAY INDEX CWE-129263 CWE-707 · Improper Neutralization249 CWE-674 · UNCONTROLLED RECURSION CWE-674236 CWE-908 · Use of Uninitialized Resource (CWE-908)234 CWE-444 · Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')234 CWE-451 · User Interface (UI) Misrepresentation of Critical Information (CWE-451)231 CWE-1284 · Improper Validation of Specified Quantity in Input230 CWE-755 · Improper handling of exceptional conditions CWE-755222 CWE-384 · Session Fixiation221 CWE-88 · Information disclosure218 CWE-281 · Improper Preservation of Permissions210 CWE-248 · UNCAUGHT EXCEPTION CWE-248207 CWE-256 · Use of Hard-coded Password or Plaintext Storage of a Password206 CWE-668 · EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668205 CWE-822 · UNTRUSTED POINTER DEREFERENCE CWE-822201 CWE-824 · Uninitialized Pointer198 CWE-259 · USE OF HARD-CODED PASSWORD CWE-259194 CWE-1021 · Inappropriate implementation189 CWE-359 · Privacy Violation (CWE-359)187 CWE-369 · Division by zero182 CWE-1336 · Information disclosure178 CWE-326 · INADEQUATE ENCRYPTION STRENGTH CWE-326175 CWE-457 · Use of Uninitialized Variable173 CWE-829 · Inclusion of Functionality from Untrusted Control Sphere (CWE-829)171 CWE-1236 · IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236170 CWE-35 · The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.170 CWE-640 · WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640169 CWE-1188 · The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.167 CWE-749 · Exposed Dangerous Method or Function (CWE-749)162 CWE-399 · Resource Management Errors160 CWE-204 · The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.158 CWE-494 · Escalation of privilege155 CWE-789 · Uncontrolled Memory Allocation154 CWE-521 · WEAK PASSWORD REQUIREMENTS CWE-521153 CWE-294 · CWE-294: Authentication Bypass by Capture-Replay150 CWE-93 · Information disclosure149 CWE-667 · Improper Locking149 CWE-703 · IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703149 CWE-330 · USE OF INSUFFICIENTLY RANDOM VALUES CWE-330148 CWE-305 · The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.147 CWE-788 · CWE-788: Access of Memory Location After End of Buffer147 CWE-280 · Improper Handling of Insufficient Permissions or Privileges (CWE-280)144 CWE-665 · The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.143 CWE-95 · Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')141 CWE-61 · UNIX Symbolic Link (Symlink) Following140 CWE-208 · Observable Timing Discrepancy138 CWE-1287 · Improper Validation of Specified Type of Input136 CWE-134 · Use of Externally-Controlled Format String134 CWE-36 · The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.127 CWE-184 · Incomplete List of Disallowed Inputs127 CWE-338 · Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)125 CWE-472 · Integer overflow123 CWE-602 · The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.120 CWE-131 · Incorrect Calculation of Buffer Size (CWE-131)118 CWE-24 · Path Traversal: '../filedir'111 CWE-425 · The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.109 CWE-358 · Security Check for Standard105 CWE-680 · Integer Overflow to Buffer Overflow (CWE-680)105 CWE-915 · Improperly Controlled Modification of Dynamically-Determined Object Attributes100 CWE-1392 · Use of Default Credentials100 CWE-942 · Permissive Cross-domain Security Policy with Untrusted Domains99 CWE-117 · The software does not neutralize or incorrectly neutralizes output that is written to logs.98 CWE-252 · Unchecked Return Value98 CWE-193 · OFF-BY-ONE ERROR CWE-19396 CWE-670 · Incorrect Control Flow95 CWE-823 · Use of Out-of-range Pointer Offset (CWE-823)94 CWE-130 · Improper Handling of Length Parameter Inconsistency (CWE-130)93 CWE-377 · Insecure Temporary File (CWE-377)93 CWE-354 · Improper Validation of Integrity Check Value93 CWE-441 · Unintended Proxy or Intermediary ('Confused Deputy')89 CWE-407 · Inefficient Algorithmic Complexity88 CWE-840 · CWE-840: Business Logic Errors87 CWE-303 · Incorrect Implementation of Authentication Algorithms (CWE-303)86 CWE-1220 · Insufficient Granularity of Access Control85 CWE-506 · Embedded Malicious Code (CWE-506)85 CWE-610 · Improper access control84 CWE-538 · Insertion of Sensitive Information into Externally-Accessible File or Directory83 CWE-620 · Unverified Password Change (CWE-620)83 CWE-113 · The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.82 CWE-459 · INCOMPLETE CLEANUP CWE-45982 CWE-1390 · Weak Authentication81 CWE-331 · Insufficient Entropy81 CWE-328 · Use of Weak Hash80 CWE-1286 · Improper Validation of Syntactic Correctness of Input80 CWE-598 · Use of HTTP Request With Sensitive Query String80 CWE-926 · Improper Export of Android Application Components79 CWE-489 · LEFTOVER DEBUG CODE CWE-48979 CWE-912 · HIDDEN FUNCTIONALITY CWE-91279 CWE-807 · Reliance on Untrusted Inputs in a Security Decision (CWE-807)78 CWE-310 · Information disclosure78 CWE-591 · CWE-591: Sensitive Data Storage in Improperly Locked Memory77 CWE-704 · INCORRECT TYPE VERSION OR CAST CWE-70477 CWE-436 · Interpretation Conflict76 CWE-91 · XML Injection (CWE-91)72 CWE-697 · Incorrect Comparison (CWE-697)70 CWE-772 · Missing Release of Resource after Effective Lifetime70 CWE-277 · Insecure Inherited Permissions (CWE-277)70 CWE-799 · Improper Control of Interaction Frequency69 CWE-913 · Improper Control of Dynamically-Managed Code Resources68 CWE-15 · External Control of System or Configuration Setting65 CWE-916 · USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-91665 CWE-150 · Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)65 CWE-212 · Information disclosure64 CWE-257 · STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-25764 CWE-267 · Privilege Defined With Unsafe Actions64 CWE-29 · Path Traversal: '..filename'64 CWE-648 · Incorrect Use of Privileged APIs63 CWE-409 · Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)61 CWE-255 · CWE-255 Credentials Management Errors61 CWE-923 · Improper Restriction of Communication Channel to Intended Endpoints60 CWE-16 · Misconfiguration (CWE-16)60 CWE-669 · Incorrect resource transfer between spheres59 CWE-682 · INCORRECT CALCULATION CWE-68259 CWE-614 · Sensitive Cookie Without Secure Attribute58 CWE-548 · INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-54857 CWE-706 · Use of Incorrectly-Resolved Name or Reference (CWE-706)57 CWE-320 · Key Management Error56 CWE-90 · Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')56 CWE-681 · Incorrect Conversion between Numeric Types56 CWE-644 · IMPROPER NEUTRALIZATION OF HTTP HEADERS FOR SCRIPTING SYNTAX CWE-64455 CWE-379 · CWE-379: Creation of Temporary File in Directory with Insecure Permissions55 CWE-653 · The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.54 CWE-99 · Resource Injection (CWE-99)54 CWE-300 · Man-in-the-Middle (CWE-300)54 CWE-943 · Improper Neutralization of Special Elements in Data Query Logic54 CWE-87 · Improper Neutralization of Alternate XSS Syntax53 CWE-348 · Use of Less Trusted Source52 CWE-297 · Information disclosure52 CWE-940 · Improper Verification of Source of a Communication Channel52 CWE-1391 · Use of Weak Credentials50 CWE-841 · Enforcement of Behavioral Workflow50 CWE-325 · Missing Required Cryptographic Step (CWE-325)50 CWE-672 · OPERATION ON A RESOURCE AFTER EXPIRATION OR RELEASE CWE-67250 CWE-170 · Improper Null Termination (CWE-170)49 CWE-178 · Improper Handling of Case Sensitivity49 CWE-275 · Permission Issues (CWE-275)49 CWE-1285 · Improper Validation of Specified Index, Position, or Offset in Input49 CWE-917 · Improper Neutralization of Special Elements used in an Expression Language Statement49 CWE-470 · Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')47 CWE-524 · Use of Cache Containing Sensitive Information47 CWE-805 · CWE-805: Buffer Access with Incorrect Length Value47 CWE-340 · Generation of Predictable Numbers or Identifiers46 CWE-197 · Execute unauthorized code or commands46 CWE-378 · CWE-378: Creation of Temporary File With Insecure Permissions45 CWE-405 · CWE-405: Asymmetric Resource Consumption (Amplification)44 CWE-1395 · Dependency on Vulnerable Third-Party Component (CWE-1395)44 CWE-123 · WRITE-WHAT-WHERE CONDITION CWE-12344 CWE-274 · Privilege Escalation (CWE-274)41 CWE-1004 · CWE-1004: Sensitive Cookie Without HttpOnly Flag41 CWE-440 · CWE-440: Expected Behavior Violation41 CWE-565 · Reliance on Cookies without Validation and Integrity Checking40 CWE-385 · CWE-385: Covert Timing Channel40 CWE-261 · Weak encoding for password40 CWE-1393 · Use of Default Password40 CWE-664 · CWE-664: Improper Control of a Resource Through its Lifetime39 CWE-353 · Missing Support for Integrity Check (CWE-353)38 CWE-302 · CWE-302: Authentication Bypass by Assumed-Immutable Data38 CWE-323 · Reusing a Nonce, Key Pair in Encryption37 CWE-420 · Unprotected Alternate Channel37 CWE-349 · CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data36 CWE-124 · Execute unauthorized code or commands36 CWE-471 · Modification of Assumed-Immutable Data (MAID) (CWE-471)36 CWE-316 · The product stores sensitive information in cleartext in memory.36 CWE-696 · Incorrect Behavior Order35 CWE-825 · Expired Pointer Dereference35 CWE-202 · Exposure of Sensitive Information Through Data Queries35 CWE-776 · XML Entity Expansion (CWE-776)34 CWE-636 · When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.34 CWE-75 · Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)34 CWE-791 · Incomplete Filtering of Special Elements34 CWE-92 · Improper conditions check34 CWE-183 · Permissive List of Allowed Inputs34 CWE-834 · Excessive Iteration (CWE-834)34 CWE-763 · Release of Invalid Pointer or Reference33 CWE-690 · CWE-690: Unchecked Return Value to NULL Pointer Dereference33 CWE-241 · Improper Handling of Unexpected Data Type32 CWE-782 · Exposed IOCTL with Insufficient Access Control (CWE-782)32 CWE-424 · Improper Protection of Alternate Path32 CWE-691 · Insufficient Control Flow Management (CWE-691)32 CWE-356 · Product UI does not warn user of unsafe actions CWE-35632 CWE-272 · Least Privilege Violation32 CWE-226 · Sensitive Information in Resource Not Removed Before Reuse31 CWE-304 · The product implements an authentication technique, but it skips a step that weakens the technique.31 CWE-286 · Incorrect User Management30 CWE-233 · Improper Handling of Parameters (CWE-233)30 CWE-1385 · Missing Origin Validation in WebSockets30 CWE-540 · Inclusion of Sensitive Information in Source Code30 CWE-289 · CWE-289: Authentication Bypass by Alternate Name29 CWE-213 · CWE-213: Intentional Information Exposure29 CWE-488 · Exposure of Data Element to Wrong Session29 CWE-525 · CWE-525: Use of Web Browser Cache Containing Sensitive Information29 CWE-1289 · CWE-1289: Improper Validation of Unsafe Equivalence in Input28 CWE-282 · Improper Ownership Management28 CWE-313 · CWE-313: Cleartext Storage in a File or on Disk28 CWE-115 · Misinterpretation of Input27 CWE-27 · Path Traversal: 'dir/../../filename'27 CWE-684 · Incorrect Provision of Specified Functionality27 CWE-114 · CWE-114: Process Control26 CWE-41 · Information disclosure26 CWE-185 · Incorrect Regular Expression26 CWE-189 · Numeric Error26 CWE-176 · The software does not properly handle when an input contains Unicode encoding.26 CWE-158 · IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-15826 CWE-270 · Privilege Context Switching Error26 CWE-279 · Incorrect Execution-Assigned Permissions25 CWE-1230 · Inappropriate implementation25 CWE-778 · Insufficient Logging (CWE-778)25 CWE-758 · Reliance on Undefined, Unspecified, or Implementation-Defined Behavior25 CWE-592 · This weakness has been deprecated because it covered redundant concepts already described in CWE-287.24 CWE-939 · Improper Authorization in Handler for Custom URL Scheme24 CWE-391 · Unchecked Error Condition (CWE-391)24 CWE-1275 · Sensitive Cookie with Improper SameSite Attribute24 CWE-260 · Password in Configuration File24 CWE-501 · Trust Boundary Violation24 CWE-322 · Key Exchange without Entity Authentication24 CWE-757 · Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')24 CWE-96 · CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')23 CWE-402 · Transmission of Private Resources into a New Sphere ('Resource Leak')23 CWE-523 · UNPROTECTED TRANSPORT OF CREDENTIALS CWE-52323 CWE-273 · Improper Check for Dropped Privileges22 CWE-460 · Improper cleanup on thrown exception CWE-46022 CWE-833 · Deadlock22 CWE-603 · USE OF CLIENT-SIDE AUTHENTICATION CWE-60322 CWE-268 · Privilege Chaining22 CWE-350 · Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)22 CWE-283 · Unverified Ownership22 CWE-83 · The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.22 CWE-606 · Unchecked Input for Loop Condition21 CWE-1288 · Improper Validation of Consistency within Input21 CWE-253 · Incorrect Check of Function Return Value21 CWE-1295 · Information disclosure21 CWE-924 · CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel21 CWE-779 · Logging of Excessive Data20 CWE-783 · Operator Precedence Logic Error20 CWE-1191 · On-Chip Debug and Test Interface With Improper Access Control20 CWE-708 · Incorrect Ownership Assignment20 CWE-410 · Insufficient Resource Pool20 CWE-214 · CWE-214: Invocation of Process Using Visible Sensitive Information20 CWE-335 · CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)19 CWE-228 · Improper Handling of Syntactically Invalid Structure19 CWE-1104 · Use of Unmaintained Third Party Components19 CWE-195 · CWE-195: Signed to Unsigned Conversion Error19 CWE-244 · Improper Clearing of Heap Memory Before Release ('Heap Inspection')19 CWE-357 · INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-35719 CWE-590 · Free of Memory not on the Heap19 CWE-324 · Use of a Key Past its Expiration Date19 CWE-657 · Violation of Secure Design Principles (CWE-657)18 CWE-140 · CWE-140: Improper Neutralization of Delimiters18 CWE-1240 · CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation18 CWE-1327 · CWE-1327: Binding to an Unrestricted IP Address18 CWE-927 · CWE-927: Use of Implicit Intent for Sensitive Communication 18 CWE-84 · The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.18 CWE-453 · CWE-453: Insecure Default Variable Initialization18 CWE-526 · CWE-526: Exposure of Sensitive Information Through Environmental Variables18 CWE-1325 · Improperly Controlled Sequential Memory Allocation17 CWE-296 · Improper Following of a Certificate's Chain of Trust (CWE-296)17 CWE-26 · Path Traversal17 CWE-395 · NULL pointer dereference17 CWE-215 · Insertion of Sensitive Information Into Debugging Code17 CWE-229 · Improper Handling of Values17 CWE-549 · Missing Password Field Masking16 CWE-366 · Race Condition within a Thread16 CWE-1394 · Use of Default Cryptographic Key16 CWE-837 · Improper Enforcement of a Single, Unique Action16 CWE-698 · Execution After Redirect16 CWE-390 · Detection of Error Condition Without Action16 CWE-759 · USE OF A ONE-WAY HASH WITHOUT A SALT CWE-75916 CWE-662 · Improper Synchronization16 CWE-642 · External Control of Critical State Data (CWE-642)16 CWE-477 · USE OF OBSOLETE FUNCTION CWE-47716 CWE-406 · CWE-406: Insufficient Control of Network Message Volume (Network Amplification)16 CWE-1259 · CWE-1259: Improper Restriction of Security Token Assignment15 CWE-1260 · Improper Handling of Overlap Between Protected Memory Ranges15 CWE-1386 · CWE-1386: Insecure Operation on Windows Junction / Mount Point15 CWE-155 · CWE-155: Improper Neutralization of Wildcards or Matching Symbols15 CWE-413 · Improper Resource Locking15 CWE-804 · Guessable CAPTCHA15 CWE-909 · CWE-909: Missing Initialization of Resource15 CWE-394 · CWE-394: Unexpected Status Code or Return Value14 CWE-449 · CWE-449: The UI Performs the Wrong Action14 CWE-180 · Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).14 CWE-351 · CWE-351: Insufficient Type Distinction14 CWE-1300 · Side-channel information leakage14 CWE-1242 · Inclusion of undocumented features or chicken bits14 CWE-364 · Signal Handler Race Condition14 CWE-790 · CWE-790: Improper Filtering of Special Elements14 CWE-836 · Use of Password Hash Instead of Password for Authentication14 CWE-475 · Undefined Behavior for Input to API13 CWE-643 · Improper Neutralization of Data within XPath Expressions ('XPath Injection')13 CWE-1263 · Improper Physical Access Control13 CWE-138 · Improper Neutralization of Special Elements13 CWE-599 · CWE-599: Missing Validation of OpenSSL Certificate13 CWE-337 · Predictable Seed in Pseudo-Random Number Generator (PRNG)13 CWE-641 · Improper Restriction of Names for Files and Other Resources13 CWE-334 · Small Space of Random Values13 CWE-159 · CWE-159: Improper Handling of Invalid Use of Special Elements13 CWE-19 · Data Handling13 CWE-762 · Mismatched Memory Management Routines12 CWE-821 · Incorrect Synchronization12 CWE-25 · Path Traversal: '/../filedir'12 CWE-1022 · CWE-1022: Use of Web Link to Untrusted Target with window.opener Access12 CWE-830 · CWE-830: Inclusion of Web Functionality from an Untrusted Source12 CWE-341 · PREDICTABLE FROM OBSERVABLE STATE CWE-34112 CWE-419 · CWE-419: Unprotected Primary Channel12 CWE-1258 · Exposure of Sensitive System Information Due to Uncleared Debug Information12 CWE-230 · Improper Handling of Missing Values12 CWE-911 · Improper Update of Reference Count12 CWE-1244 · Improper Authorization on Physical Debug and Test Interfaces12 CWE-271 · Privilege Dropping / Lowering Errors12 CWE-392 · Missing Report of Error Condition12 CWE-308 · CWE-308: Use of Single-factor Authentication12 CWE-1023 · Incomplete Comparison with Missing Factors11 CWE-656 · CWE-656: Reliance on Security Through Obscurity11 CWE-612 · Improper Authorization of Index Containing Sensitive Information11 CWE-1427 · CWE-1427: Improper Neutralization of Input Used for LLM Prompting11 CWE-1050 · Excessive Platform Resource Consumption within a Loop11