CWEs

CWE Name                                                                                        | CWE-ID  | Vulnerabilities
------------------------------------------------------------------------------------------------|---------|----------------
Assignment of a Fixed Address to a Pointer                                                      | CWE-587 | 1
Attempt to Access Child of a Non-structure Pointer                                              | CWE-588 | 2
Call to Non-ubiquitous API                                                                      | CWE-589 | 0
Free of Memory not on the Heap                                                                  | CWE-590 | 11
Sensitive Data Storage in Improperly Locked Memory                                              | CWE-591 | 50
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created                | CWE-593 | 0
J2EE Framework: Saving Unserializable Objects to Disk                                           | CWE-594 | 0
Comparison of Object References Instead of Object Contents                                      | CWE-595 | 1
Use of Wrong Operator in String Comparison                                                      | CWE-597 | 3
Use of GET Request Method With Sensitive Query Strings                                          | CWE-598 | 26
Missing Validation of OpenSSL Certificate                                                       | CWE-599 | 8
Uncaught Exception in Servlet                                                                   | CWE-600 | 1
URL Redirection to Untrusted Site ('Open Redirect')                                             | CWE-601 | 1060
Client-Side Enforcement of Server-Side Security                                                 | CWE-602 | 28
Use of Client-Side Authentication                                                               | CWE-603 | 10
Multiple Binds to the Same Port                                                                 | CWE-605 | 1
Unchecked Input for Loop Condition                                                              | CWE-606 | 11
Public Static Final Field References Mutable Object                                             | CWE-607 | 0
Struts: Non-private Field in ActionForm Class                                                   | CWE-608 | 0
Double-Checked Locking                                                                          | CWE-609 | 1
Externally Controlled Reference to a Resource in Another Sphere                                 | CWE-610 | 178
Improper Restriction of XML External Entity Reference                                           | CWE-611 | 1062
Improper Authorization of Index Containing Sensitive Information                                | CWE-612 | 6
Insufficient Session Expiration                                                                 | CWE-613 | 341
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute                                    | CWE-614 | 29
Inclusion of Sensitive Information in Source Code Comments                                      | CWE-615 | 1
Incomplete Identification of Uploaded File Variables (PHP)                                      | CWE-616 | 5
Reachable Assertion                                                                             | CWE-617 | 490
Exposed Unsafe ActiveX Method                                                                   | CWE-618 | 0
Dangling Database Cursor ('Cursor Injection')                                                   | CWE-619 | 0
Unverified Password Change                                                                      | CWE-620 | 25
Variable Extraction Error                                                                       | CWE-621 | 1
Improper Validation of Function Hook Arguments                                                  | CWE-622 | 2
Unsafe ActiveX Control Marked Safe For Scripting                                                | CWE-623 | 1
Executable Regular Expression Error                                                             | CWE-624 | 1
Permissive Regular Expression                                                                   | CWE-625 | 5
Null Byte Interaction Error (Poison Null Byte)                                                  | CWE-626 | 4
Dynamic Variable Evaluation                                                                     | CWE-627 | 1
Function Call with Incorrectly Specified Arguments                                              | CWE-628 | 2
Not Failing Securely ('Failing Open')                                                           | CWE-636 | 10
Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')               | CWE-637 | 0
Not Using Complete Mediation                                                                    | CWE-638 | 0
Authorization Bypass Through User-Controlled Key                                                | CWE-639 | 713
Weak Password Recovery Mechanism for Forgotten Password                                         | CWE-640 | 177
Improper Restriction of Names for Files and Other Resources                                     | CWE-641 | 7
External Control of Critical State Data                                                         | CWE-642 | 10
Improper Neutralization of Data within XPath Expressions ('XPath Injection')                    | CWE-643 | 7
Improper Neutralization of HTTP Headers for Scripting Syntax                                    | CWE-644 | 19
Overly Restrictive Account Lockout Mechanism                                                    | CWE-645 | 4
Reliance on File Name or Extension of Externally-Supplied File                                  | CWE-646 | 6
Use of Non-Canonical URL Paths for Authorization Decisions                                      | CWE-647 | 0
Incorrect Use of Privileged APIs                                                                | CWE-648 | 34
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking    | CWE-649 | 3
Trusting HTTP Permission Methods on the Server Side                                             | CWE-650 | 6
Exposure of WSDL File Containing Sensitive Information                                          | CWE-651 | 0
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')                  | CWE-652 | 0
Improper Isolation or Compartmentalization                                                      | CWE-653 | 11
Reliance on a Single Factor in a Security Decision                                              | CWE-654 | 1
Insufficient Psychological Acceptability                                                        | CWE-655 | 0
Reliance on Security Through Obscurity                                                          | CWE-656 | 4
Violation of Secure Design Principles                                                           | CWE-657 | 17
Improper Synchronization                                                                        | CWE-662 | 60
Use of a Non-reentrant Function in a Concurrent Context                                         | CWE-663 | 0
Improper Control of a Resource Through its Lifetime                                             | CWE-664 | 28
Improper Initialization                                                                         | CWE-665 | 311
Operation on Resource in Wrong Phase of Lifetime                                                | CWE-666 | 0
Improper Locking                                                                                | CWE-667 | 284
Exposure of Resource to Wrong Sphere                                                            | CWE-668 | 1085
Incorrect Resource Transfer Between Spheres                                                     | CWE-669 | 52
Always-Incorrect Control Flow Implementation                                                    | CWE-670 | 92
Lack of Administrator Control over Security                                                     | CWE-671 | 4
Operation on a Resource after Expiration or Release                                             | CWE-672 | 49
External Influence of Sphere Definition                                                         | CWE-673 | 1
Uncontrolled Recursion                                                                          | CWE-674 | 267
Multiple Operations on Resource in Single-Operation Context                                     | CWE-675 | 1
Use of Potentially Dangerous Function                                                           | CWE-676 | 6
Integer Overflow to Buffer Overflow                                                             | CWE-680 | 89
Incorrect Conversion between Numeric Types                                                      | CWE-681 | 94
Incorrect Calculation                                                                           | CWE-682 | 106
Function Call With Incorrect Order of Arguments                                                 | CWE-683 | 1
Incorrect Provision of Specified Functionality                                                  | CWE-684 | 9
Function Call With Incorrect Number of Arguments                                                | CWE-685 | 0
Function Call With Incorrect Argument Type                                                      | CWE-686 | 2
Function Call With Incorrectly Specified Argument Value                                         | CWE-687 | 1
Function Call With Incorrect Variable or Reference as Argument                                  | CWE-688 | 1
Permission Race Condition During Resource Copy                                                  | CWE-689 | 1
Unchecked Return Value to NULL Pointer Dereference                                              | CWE-690 | 23
Insufficient Control Flow Management                                                            | CWE-691 | 14
Incomplete Denylist to Cross-Site Scripting                                                     | CWE-692 | 3
Protection Mechanism Failure                                                                    | CWE-693 | 203
Use of Multiple Resources with Duplicate Identifier                                             | CWE-694 | 3
Use of Low-Level Functionality                                                                  | CWE-695 | 0
Incorrect Behavior Order                                                                        | CWE-696 | 10
Incorrect Comparison                                                                            | CWE-697 | 137
Execution After Redirect (EAR)                                                                  | CWE-698 | 7
Improper Check or Handling of Exceptional Conditions                                            | CWE-703 | 84
Incorrect Type Conversion or Cast                                                               | CWE-704 | 239
Incorrect Control Flow Scoping                                                                  | CWE-705 | 1
Use of Incorrectly-Resolved Name or Reference                                                   | CWE-706 | 70
Improper Neutralization                                                                         | CWE-707 | 239