Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.

CWE Number Name
CWE-62 UNIX Hard Link
CWE-64 Windows Shortcut Following (.LNK)
CWE-65 Windows Hard Link
CWE-66 Improper Handling of File Names that Identify Virtual Resources
CWE-67 Improper Handling of Windows Device Names
CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream
CWE-71 DEPRECATED: Apple '.DS_Store'
CWE-72 Improper Handling of Apple HFS+ Alternate Data Stream Path
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-76 Improper Neutralization of Equivalent Special Elements
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-81 Improper Neutralization of Script in an Error Message Web Page
CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-83 Improper Neutralization of Script in Attributes in a Web Page
CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page
CWE-85 Doubled Character XSS Manipulations
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-87 Improper Neutralization of Alternate XSS Syntax
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-92 DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-102 Struts: Duplicate Validation Forms
CWE-103 Struts: Incomplete validate() Method Definition
CWE-104 Struts: Form Bean Does Not Extend Validation Class
CWE-105 Struts: Form Field Without Validator
CWE-106 Struts: Plug-in Framework not in Use
CWE-107 Struts: Unused Validation Form
CWE-108 Struts: Unvalidated Action Form
CWE-109 Struts: Validator Turned Off
CWE-110 Struts: Validator Without Form Field
CWE-111 Direct Use of Unsafe JNI
CWE-112 Missing XML Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-114 Process Control
CWE-115 Misinterpretation of Input
CWE-116 Improper Encoding or Escaping of Output