Categories (CWE)

CWE-755 Improper Handling of Exceptional Conditions 35
CWE-834 Excessive Iteration 35
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') 34
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 30
CWE-693 Protection Mechanism Failure 30
CWE-281 Improper Preservation of Permissions 30
CWE-682 Incorrect Calculation 28
CWE-521 Weak Password Requirements 28
CWE-91 XML Injection (aka Blind XPath Injection) 26
CWE-824 Access of Uninitialized Pointer 25
CWE-425 Direct Request ('Forced Browsing') 25
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') 25
CWE-358 Improperly Implemented Security Check for Standard 23
CWE-307 Improper Restriction of Excessive Authentication Attempts 23
CWE-639 Authorization Bypass Through User-Controlled Key 22
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 22
CWE-88 Argument Injection or Modification 20
CWE-203 Information Exposure Through Discrepancy 20
CWE-552 Files or Directories Accessible to External Parties 20
CWE-909 Missing Initialization of Resource 20

Filter by ID

Filter by name