CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CWE Library
Common Weakness Enumeration
All
Pillar
Root categories
Class
Abstract weaknesses
Base
Detectable weaknesses
Variant
Technology-specific
Compound
Multi-weakness
CWE-15
Base
External Control of System or Configuration Setting
Incomplete
CWE-22
Base
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Likelihood: High
Stable
CWE-23
Base
Relative Path Traversal
Draft
CWE-36
Base
Absolute Path Traversal
Draft
CWE-41
Base
Improper Resolution of Path Equivalence
Incomplete
CWE-59
Base
Improper Link Resolution Before File Access ('Link Following')
Likelihood: Medium
Draft
CWE-66
Base
Improper Handling of File Names that Identify Virtual Resources
Draft
CWE-73
Base
External Control of File Name or Path
Likelihood: High
Draft
CWE-76
Base
Improper Neutralization of Equivalent Special Elements
Likelihood: High
Draft
CWE-78
Base
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Likelihood: High
Stable
CWE-79
Base
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Likelihood: High
Stable
CWE-88
Base
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Draft
CWE-89
Base
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Likelihood: High
Stable
CWE-90
Base
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Draft
CWE-91
Base
XML Injection (aka Blind XPath Injection)
Draft
CWE-92
Base
DEPRECATED: Improper Sanitization of Custom Special Characters
Deprecated
CWE-93
Base
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Draft
CWE-94
Base
Improper Control of Generation of Code ('Code Injection')
Likelihood: Medium
Draft
CWE-96
Base
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Draft
CWE-112
Base
Missing XML Validation
Draft
CWE-115
Base
Misinterpretation of Input
Incomplete
CWE-117
Base
Improper Output Neutralization for Logs
Likelihood: Medium
Draft
CWE-120
Base
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Likelihood: High
Incomplete
CWE-123
Base
Write-what-where Condition
Likelihood: High
Draft
CWE-124
Base
Buffer Underwrite ('Buffer Underflow')
Likelihood: Medium
Incomplete
CWE-125
Base
Out-of-bounds Read
Draft
CWE-128
Base
Wrap-around Error
Likelihood: Medium
Incomplete
CWE-130
Base
Improper Handling of Length Parameter Inconsistency
Incomplete
CWE-131
Base
Incorrect Calculation of Buffer Size
Likelihood: High
Draft
CWE-132
Base
DEPRECATED: Miscalculated Null Termination
Deprecated
CWE-134
Base
Use of Externally-Controlled Format String
Likelihood: High
Draft
CWE-135
Base
Incorrect Calculation of Multi-Byte String Length
Draft
CWE-140
Base
Improper Neutralization of Delimiters
Draft
CWE-166
Base
Improper Handling of Missing Special Element
Draft
CWE-167
Base
Improper Handling of Additional Special Element
Draft
CWE-168
Base
Improper Handling of Inconsistent Special Elements
Draft
CWE-170
Base
Improper Null Termination
Likelihood: Medium
Incomplete
CWE-178
Base
Improper Handling of Case Sensitivity
Incomplete
CWE-179
Base
Incorrect Behavior Order: Early Validation
Incomplete
CWE-182
Base
Collapse of Data into Unsafe Value
Draft
CWE-183
Base
Permissive List of Allowed Inputs
Draft
CWE-184
Base
Incomplete List of Disallowed Inputs
Draft
CWE-186
Base
Overly Restrictive Regular Expression
Draft
CWE-188
Base
Reliance on Data/Memory Layout
Likelihood: Low
Draft
CWE-190
Base
Integer Overflow or Wraparound
Likelihood: Medium
Stable
CWE-191
Base
Integer Underflow (Wrap or Wraparound)
Draft
CWE-193
Base
Off-by-one Error
Draft
CWE-197
Base
Numeric Truncation Error
Likelihood: Low
Incomplete
CWE-201
Base
Insertion of Sensitive Information Into Sent Data
Draft
CWE-202
Base
Exposure of Sensitive Information Through Data Queries
Likelihood: Medium
Draft