...

This section includes rule mapping for the CWE standard. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.

CWE Top 25 2023 Mapping

| CWE ID | CWE Name | Parasoft rule ID(s) |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | CWE-787-a, CWE-787-b, CWE-787-c, CWE-787-d, CWE-787-e, CWE-787-f, CWE-787-g, CWE-787-h, CWE-787-i |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | N/A |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE-89-a |
| CWE-416 | Use After Free | CWE-416-a, CWE-416-b, CWE-416-c |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE-78-a |
| CWE-20 | Improper Input Validation | CWE-20-a, CWE-20-b, CWE-20-c, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-20-j |
| CWE-125 | Out-of-bounds Read | CWE-125-a, CWE-125-b, CWE-125-c, CWE-125-d, CWE-125-e, CWE-125-f |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE-22-a |
| CWE-352 | Cross-Site Request Forgery (CSRF) | N/A |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | N/A |
| CWE-862 | Missing Authorization | N/A |
| CWE-476 | NULL Pointer Dereference | CWE-476-a |
| CWE-287 | Improper Authentication | CWE-287-a |
| CWE-190 | Integer Overflow or Wraparound | CWE-190-a, CWE-190-b, CWE-190-c, CWE-190-d, CWE-190-e, CWE-190-f, CWE-190-g, CWE-190-h, CWE-190-i, CWE-190-j, CWE-190-k |
| CWE-502 | Deserialization of Untrusted Data | N/A |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE-77-a |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE-119-a, CWE-119-b, CWE-119-c, CWE-119-d, CWE-119-e, CWE-119-f, CWE-119-g, CWE-119-h, CWE-119-i, CWE-119-j, CWE-119-k, CWE-119-l |
| CWE-798 | Use of Hard-coded Credentials | CWE-798-a |
| CWE-918 | Server-Side Request Forgery (SSRF) | N/A |
| CWE-306 | Missing Authentication for Critical Function | N/A |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE-362-a, CWE-362-b, CWE-362-c, CWE-362-d, CWE-362-e |
| CWE-269 | Improper Privilege Management | CWE-269-a, CWE-269-b |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | N/A |
| CWE-863 | Incorrect Authorization | CWE-863-a |
| CWE-276 | Incorrect Default Permissions | N/A |

CWE Weaknesses On the Cusp 2023 Mapping

| CWE ID | CWE Name | Parasoft rule ID(s) |
| --- | --- | --- |
| CWE-617 | Reachable Assertion | CWE-617-a |
| CWE-427 | Uncontrolled Search Path Element | CWE-427-a |
| CWE-611 | Improper Restriction of XML External Entity Reference | CWE-611-a |
| CWE-770 | Allocation of Resources Without Limits or Throttling | CWE-770-a |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | CWE-200-a |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | CWE-732-a, CWE-732-b |
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | N/A |
| CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | N/A |
| CWE-295 | Improper Certificate Validation | N/A |
| CWE-522 | Insufficiently Protected Credentials | N/A |
| CWE-401 | Missing Release of Memory after Effective Lifetime | CWE-401-a |
| CWE-400 | Uncontrolled Resource Consumption | CWE-400-a |
| CWE-639 | Authorization Bypass Through User-Controlled Key | N/A |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | CWE-59-a |
| CWE-668 | Exposure of Resource to Wrong Sphere | CWE-668-a |

CWE Top 25 2022 Mapping

| CWE ID | CWE Name | Parasoft rule ID(s) |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | CWE-787-a, CWE-787-b, CWE-787-c, CWE-787-d, CWE-787-e, CWE-787-f, CWE-787-g, CWE-787-h, CWE-787-i |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | N/A |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE-89-a |
| CWE-20 | Improper Input Validation | CWE-20-a, CWE-20-b, CWE-20-c, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-20-j |
| CWE-125 | Out-of-bounds Read | CWE-125-a, CWE-125-b, CWE-125-c, CWE-125-d, CWE-125-e, CWE-125-f |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE-78-a |
| CWE-416 | Use After Free | CWE-416-a, CWE-416-b, CWE-416-c |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE-22-a |
| CWE-352 | Cross-Site Request Forgery (CSRF) | N/A |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | N/A |
| CWE-476 | NULL Pointer Dereference | CWE-476-a |
| CWE-502 | Deserialization of Untrusted Data | N/A |
| CWE-190 | Integer Overflow or Wraparound | CWE-190-a, CWE-190-b, CWE-190-c, CWE-190-d, CWE-190-e, CWE-190-f, CWE-190-g, CWE-190-h, CWE-190-i, CWE-190-j, CWE-190-k |
| CWE-287 | Improper Authentication | CWE-287-a |
| CWE-798 | Use of Hard-coded Credentials | CWE-798-a |
| CWE-862 | Missing Authorization | N/A |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE-77-a |
| CWE-306 | Missing Authentication for Critical Function | N/A |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE-119-a, CWE-119-b, CWE-119-c, CWE-119-d, CWE-119-e, CWE-119-f, CWE-119-g, CWE-119-h, CWE-119-i, CWE-119-j, CWE-119-k, CWE-119-l |
| CWE-276 | Incorrect Default Permissions | N/A |
| CWE-918 | Server-Side Request Forgery (SSRF) | N/A |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE-362-a, CWE-362-b, CWE-362-c, CWE-362-d, CWE-362-e |
| CWE-400 | Uncontrolled Resource Consumption | CWE-400-a |
| CWE-611 | Improper Restriction of XML External Entity Reference | CWE-611-a |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | N/A |

...