CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CWE Library
Common Weakness Enumeration
All
Pillar
Root categories
Class
Abstract weaknesses
Base
Detectable weaknesses
Variant
Technology-specific
Compound
Multi-weakness
CWE-20
Class
Improper Input Validation
Likelihood: High
Stable
CWE-74
Class
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Likelihood: High
Incomplete
CWE-75
Class
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Draft
CWE-77
Class
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Likelihood: High
Draft
CWE-99
Class
Improper Control of Resource Identifiers ('Resource Injection')
Likelihood: High
Draft
CWE-114
Class
Process Control
Incomplete
CWE-116
Class
Improper Encoding or Escaping of Output
Likelihood: High
Draft
CWE-118
Class
Incorrect Access of Indexable Resource ('Range Error')
Incomplete
CWE-119
Class
Improper Restriction of Operations within the Bounds of a Memory Buffer
Likelihood: High
Stable
CWE-138
Class
Improper Neutralization of Special Elements
Draft
CWE-159
Class
Improper Handling of Invalid Use of Special Elements
Draft
CWE-172
Class
Encoding Error
Draft
CWE-185
Class
Incorrect Regular Expression
Draft
CWE-200
Class
Exposure of Sensitive Information to an Unauthorized Actor
Likelihood: High
Draft
CWE-216
Class
DEPRECATED: Containment Errors (Container Errors)
Deprecated
CWE-221
Class
Information Loss or Omission
Incomplete
CWE-228
Class
Improper Handling of Syntactically Invalid Structure
Incomplete
CWE-269
Class
Improper Privilege Management
Likelihood: Medium
Draft
CWE-271
Class
Privilege Dropping / Lowering Errors
Likelihood: High
Incomplete
CWE-282
Class
Improper Ownership Management
Draft
CWE-285
Class
Improper Authorization
Likelihood: High
Draft
CWE-286
Class
Incorrect User Management
Incomplete
CWE-287
Class
Improper Authentication
Likelihood: High
Draft
CWE-300
Class
Channel Accessible by Non-Endpoint
Draft
CWE-311
Class
Missing Encryption of Sensitive Data
Likelihood: High
Draft
CWE-326
Class
Inadequate Encryption Strength
Draft
CWE-327
Class
Use of a Broken or Risky Cryptographic Algorithm
Likelihood: High
Draft
CWE-330
Class
Use of Insufficiently Random Values
Likelihood: High
Stable
CWE-340
Class
Generation of Predictable Numbers or Identifiers
Incomplete
CWE-345
Class
Insufficient Verification of Data Authenticity
Draft
CWE-346
Class
Origin Validation Error
Draft
CWE-362
Class
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Likelihood: Medium
Draft
CWE-377
Class
Insecure Temporary File
Incomplete
CWE-400
Class
Uncontrolled Resource Consumption
Likelihood: High
Draft
CWE-402
Class
Transmission of Private Resources into a New Sphere ('Resource Leak')
Draft
CWE-404
Class
Improper Resource Shutdown or Release
Likelihood: Medium
Draft
CWE-405
Class
Asymmetric Resource Consumption (Amplification)
Incomplete
CWE-406
Class
Insufficient Control of Network Message Volume (Network Amplification)
Incomplete
CWE-407
Class
Inefficient Algorithmic Complexity
Likelihood: Low
Incomplete
CWE-410
Class
Insufficient Resource Pool
Incomplete
CWE-424
Class
Improper Protection of Alternate Path
Draft
CWE-436
Class
Interpretation Conflict
Incomplete
CWE-441
Class
Unintended Proxy or Intermediary ('Confused Deputy')
Draft
CWE-446
Class
UI Discrepancy for Security Feature
Incomplete
CWE-451
Class
User Interface (UI) Misrepresentation of Critical Information
Draft
CWE-506
Class
Embedded Malicious Code
Incomplete
CWE-514
Class
Covert Channel
Incomplete
CWE-522
Class
Insufficiently Protected Credentials
Incomplete
CWE-573
Class
Improper Following of Specification by Caller
Draft
CWE-592
Class
DEPRECATED: Authentication Bypass Issues
Deprecated