COMMON WEAKNESS ENUMERATION
Software weaknesses.
The CWE Top 25 Most Dangerous plus other common weakness types — each explained in plain English with impact, mitigations, and real CVE examples. Cross-linked to the KEV catalog and ATT&CK matrix.
CWE Top 25 Most Dangerous
CWE-787: Out-of-bounds Write
CWE-79: Cross-site Scripting (XSS)
CWE-89: SQL Injection
CWE-416: Use After Free
CWE-78: OS Command Injection
CWE-20: Improper Input Validation
CWE-125: Out-of-bounds Read
CWE-22: Path Traversal
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-862: Missing Authorization
CWE-476: NULL Pointer Dereference
CWE-287: Improper Authentication
CWE-190: Integer Overflow or Wraparound
CWE-502: Deserialization of Untrusted Data
CWE-77: Command Injection
CWE-119: Improper Restriction of Operations within Memory Buffer
CWE-798: Use of Hard-coded Credentials
CWE-918: Server-Side Request Forgery (SSRF)
CWE-306: Missing Authentication for Critical Function
CWE-362: Race Condition
CWE-269: Improper Privilege Management
CWE-94: Code Injection
CWE-863: Incorrect Authorization
CWE-276: Incorrect Default Permissions
Other common weaknesses
CWE-200: Exposure of Sensitive Information
CWE-611: XML External Entity (XXE)
CWE-400: Uncontrolled Resource Consumption
CWE-522: Insufficiently Protected Credentials
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-295: Improper Certificate Validation
CWE-601: Open Redirect
CWE-384: Session Fixation
CWE-209: Sensitive Information in Error Message
CWE-311: Missing Encryption of Sensitive Data
CWE-326: Inadequate Encryption Strength
CWE-770: Allocation of Resources Without Limits
CWE-74: Injection
CWE-668: Exposure of Resource to Wrong Sphere
CWE-285: Improper Authorization
CWE-1321: Prototype Pollution
CWE-88: Argument Injection
CWE-90: LDAP Injection
CWE-444: HTTP Request Smuggling
CWE-312: Cleartext Storage of Sensitive Information
CWE-426: Untrusted Search Path
CWE-116: Improper Encoding or Escaping of Output
CWE-1236: Formula Injection (CSV Injection)
CWE-639: Authorization Bypass Through User-Controlled Key (IDOR)
CWE-613: Insufficient Session Expiration