Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
CWE Number / Name
CWE-282 Improper Ownership Management
CWE-283 Unverified Ownership
CWE-284 Improper Access Control
CWE-285 Improper Authorization
CWE-286 Incorrect User Management
CWE-287 Improper Authentication
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-289 Authentication Bypass by Alternate Name
CWE-290 Authentication Bypass by Spoofing
CWE-291 Reliance on IP Address for Authentication
CWE-292 DEPRECATED: Trusting Self-reported DNS Name
CWE-293 Using Referer Field for Authentication
CWE-294 Authentication Bypass by Capture-replay
CWE-295 Improper Certificate Validation
CWE-296 Improper Following of a Certificate's Chain of Trust
CWE-297 Improper Validation of Certificate with Host Mismatch
CWE-298 Improper Validation of Certificate Expiration
CWE-299 Improper Check for Certificate Revocation
CWE-300 Channel Accessible by Non-Endpoint
CWE-301 Reflection Attack in an Authentication Protocol
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-303 Incorrect Implementation of Authentication Algorithm
CWE-304 Missing Critical Step in Authentication
CWE-305 Authentication Bypass by Primary Weakness
CWE-306 Missing Authentication for Critical Function
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-313 Cleartext Storage in a File or on Disk
CWE-314 Cleartext Storage in the Registry
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-316 Cleartext Storage of Sensitive Information in Memory
CWE-317 Cleartext Storage of Sensitive Information in GUI
CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-321 Use of Hard-coded Cryptographic Key
CWE-322 Key Exchange without Entity Authentication
CWE-323 Reusing a Nonce, Key Pair in Encryption
CWE-324 Use of a Key Past its Expiration Date
CWE-325 Missing Cryptographic Step
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-328 Use of Weak Hash
CWE-329 Generation of Predictable IV with CBC Mode
CWE-330 Use of Insufficiently Random Values
CWE-331 Insufficient Entropy
CWE-332 Insufficient Entropy in PRNG
CWE-333 Improper Handling of Insufficient Entropy in TRNG
Showing 50 of 959 Results