| CWE Number | Name | Number of Related Vulnerabilities |
|---|---|---|
| 129 | Improper Validation of Array Index | 233 |
| 665 | Improper Initialization | 218 |
| 613 | Insufficient Session Expiration | 216 |
| 754 | Improper Check for Unusual or Exceptional Conditions | 212 |
| 311 | Missing Encryption of Sensitive Data | 208 |
| 209 | Information Exposure Through an Error Message | 194 |
| 704 | Incorrect Type Conversion or Cast | 194 |
| 307 | Improper Restriction of Excessive Authentication Attempts | 192 |
| 404 | Improper Resource Shutdown or Release | 182 |
| 121 | Stack-based Buffer Overflow | 172 |
| 330 | Use of Insufficiently Random Values | 172 |
| 552 | Files or Directories Accessible to External Parties | 168 |
| 346 | Origin Validation Error | 160 |
| 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | 157 |
| 674 | Uncontrolled Recursion | 157 |
| 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | 150 |
| 281 | Improper Preservation of Permissions | 140 |
| 191 | Integer Underflow (Wrap or Wraparound) | 137 |
| 428 | Unquoted Search Path or Element | 136 |
| 290 | Authentication Bypass by Spoofing | 134 |
| 122 | Heap-based Buffer Overflow | 132 |
| 88 | Argument Injection or Modification | 129 |
| 521 | Weak Password Requirements | 128 |
| 610 | Externally Controlled Reference to a Resource in Another Sphere | 121 |
| 640 | Weak Password Recovery Mechanism for Forgotten Password | 119 |
| 116 | Improper Encoding or Escaping of Output | 105 |
| 294 | Authentication Bypass by Capture-replay | 94 |
| 285 | Improper Access Control (Authorization) | 79 |
| 425 | Direct Request ('Forced Browsing') | 75 |
| 91 | XML Injection (aka Blind XPath Injection) | 73 |
| 354 | Improper Validation of Integrity Check Value | 70 |
| 494 | Download of Code Without Integrity Check | 69 |
| 682 | Incorrect Calculation | 68 |
| 252 | Unchecked Return Value | 64 |
| 338 | Use of Cryptographically Weak PRNG | 62 |
| 697 | Insufficient Comparison | 60 |
| 667 | Insufficient Locking | 58 |
| 459 | Incomplete Cleanup | 53 |
| 693 | Protection Mechanism Failure | 53 |
| 193 | Off-by-one Error | 52 |
| 131 | Incorrect Calculation of Buffer Size | 50 |
| 763 | Release of Invalid Pointer or Reference | 49 |
| 331 | Insufficient Entropy | 48 |
| 681 | Incorrect Conversion between Numeric Types | 48 |
| 776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') | 44 |
| 670 | Always-Incorrect Control Flow Implementation | 40 |
| 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | 38 |
| 788 | Access of Memory Location After End of Buffer | 36 |
| 669 | Incorrect Resource Transfer Between Spheres | 35 |
| 706 | Use of Incorrectly-Resolved Name or Reference | 34 |