|
CWE Number
|
Name
|
Number Of Related Vulnerabilities
|
|
640 |
Weak Password Recovery Mechanism for Forgotten Password |
55
|
|
191 |
Integer Underflow (Wrap or Wraparound) |
51
|
|
665 |
Improper Initialization |
47
|
|
346 |
Origin Validation Error |
45
|
|
312 |
Cleartext Storage of Sensitive Information |
42
|
|
330 |
Use of Insufficiently Random Values |
42
|
|
613 |
Insufficient Session Expiration |
39
|
|
754 |
Improper Check for Unusual or Exceptional Conditions |
39
|
|
428 |
Unquoted Search Path or Element |
36
|
|
755 |
Improper Handling of Exceptional Conditions |
33
|
|
674 |
Uncontrolled Recursion |
31
|
|
93 |
Failure to Sanitize CRLF Sequences ('CRLF Injection') |
31
|
|
281 |
Improper Preservation of Permissions |
30
|
|
338 |
Use of Cryptographically Weak PRNG |
30
|
|
693 |
Protection Mechanism Failure |
29
|
|
521 |
Weak Password Requirements |
26
|
|
682 |
Incorrect Calculation |
26
|
|
425 |
Direct Request ('Forced Browsing') |
25
|
|
307 |
Improper Restriction of Excessive Authentication Attempts |
23
|
|
358 |
Improperly Implemented Security Check for Standard |
23
|
|
444 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
23
|
|
639 |
Access Control Bypass Through User-Controlled Key |
22
|
|
91 |
XML Injection (aka Blind XPath Injection) |
22
|
|
113 |
Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
20
|
|
203 |
Information Exposure Through Discrepancy |
20
|
|
552 |
Files or Directories Accessible to External Parties |
19
|
|
88 |
Argument Injection or Modification |
19
|
|
290 |
Authentication Bypass by Spoofing |
17
|
|
185 |
Incorrect Regular Expression |
15
|
|
331 |
Insufficient Entropy |
15
|
|
209 |
Information Exposure Through an Error Message |
14
|
|
118 |
Improper Access of Indexable Resource ('Range Error') |
13
|
|
116 |
Improper Encoding or Escaping of Output |
12
|
|
367 |
Time-of-check Time-of-use (TOCTOU) Race Condition |
11
|
|
90 |
Failure to Sanitize Data into LDAP Queries ('LDAP Injection') |
11
|
|
332 |
Insufficient Entropy in PRNG |
10
|
|
172 |
Encoding Error |
9
|
|
749 |
Exposed Dangerous Method or Function |
9
|
|
297 |
Improper Validation of Host-specific Certificate Data |
8
|
|
494 |
Download of Code Without Integrity Check |
8
|
|
538 |
File and Directory Information Exposure |
8
|
|
610 |
Externally Controlled Reference to a Resource in Another Sphere |
8
|
|
123 |
Write-what-where Condition |
7
|
|
354 |
Improper Validation of Integrity Check Value |
7
|
|
565 |
Reliance on Cookies without Validation and Integrity Checking |
7
|
|
184 |
Incomplete Blacklist |
6
|
|
252 |
Unchecked Return Value |
6
|
|
294 |
Authentication Bypass by Capture-replay |
6
|
|
669 |
Incorrect Resource Transfer Between Spheres |
6
|
|
131 |
Incorrect Calculation of Buffer Size |
5
|
