CWE Base Weaknesses

Browse 543 Base level CWE entries. Specific weakness types that are more concrete and often describe actual issues found in code.

543
Total
42
High Likelihood
42
Medium
18
Low
Showing 100 of 543 Base weaknesses
CWE-464High

Addition of Data Structure Sentinel

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

CWE-770High

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

CWE-294High

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CWE-639High

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CWE-805High

Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

CWE-120High

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

CWE-319High

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE-515High

Covert Storage Channel

A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information.

CWE-378High

Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

CWE-73High

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

CWE-209High

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-22High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-643High

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.

CWE-652High

Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')

The product uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.

CWE-76High

Improper Neutralization of Equivalent Special Elements

The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.

CWE-79High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-78High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE-89High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE-131High

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-681High

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

CWE-1333High

Inefficient Regular Expression Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

CWE-322High

Key Exchange without Entity Authentication

The product performs a key exchange with an actor without verifying the identity of that actor.

CWE-306High

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-772High

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

CWE-787High

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE-645High

Overly Restrictive Account Lockout Mechanism

The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.

CWE-256High

Plaintext Storage of a Password

The product stores a password in plaintext within resources such as memory or files.

CWE-268High

Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.

CWE-649High

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.

CWE-807High

Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

CWE-323High

Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

CWE-257High

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE-360High

Trust of System Event Data

Security based on event locations are insecure and can be spoofed.

CWE-426High

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE-134High

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

CWE-798High

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

CWE-242High

Use of Inherently Dangerous Function

The product calls a function that can never be guaranteed to work safely.

CWE-309High

Use of Password System for Primary Authentication

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

CWE-676High

Use of Potentially Dangerous Function

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

CWE-308High

Use of Single-factor Authentication

The product uses an authentication algorithm that uses a single factor (e.g., a password) in a security context that should require more than one factor.

CWE-640High

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

CWE-123High

Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

CWE-124Medium

Buffer Underwrite ('Buffer Underflow')

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

CWE-385Medium

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

CWE-502Medium

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

CWE-390Medium

Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.

CWE-369Medium

Divide By Zero

The product divides a value by zero.

CWE-494Medium

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

CWE-250Medium

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-202Medium

Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

CWE-299Medium

Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

CWE-273Medium

Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

CWE-460Medium

Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

CWE-94Medium

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE-59Medium

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CWE-170Medium

Improper Null Termination

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

CWE-117Medium

Improper Output Neutralization for Logs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

CWE-776Medium

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

CWE-911Medium

Improper Update of Reference Count

The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.

CWE-354Medium

Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

CWE-276Medium

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-468Medium

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

CWE-532Medium

Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

CWE-778Medium

Insufficient Logging

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

CWE-1007Medium

Insufficient Visual Distinction of Homoglyphs Presented to User

The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

CWE-190Medium

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-771Medium

Missing Reference to Active Allocated Resource

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

CWE-353Medium

Missing Support for Integrity Check

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

CWE-476Medium

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-484Medium

Omitted Break Statement in Switch

The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.

CWE-374Medium

Passing Mutable Objects to an Untrusted Method

The product sends non-cloned mutable data as an argument to a method or function.

CWE-366Medium

Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

CWE-301Medium

Reflection Attack in an Authentication Protocol

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

CWE-487Medium

Reliance on Package-level Scope

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

CWE-375Medium

Returning a Mutable Object to an Untrusted Caller

Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.

CWE-364Medium

Signal Handler Race Condition

The product uses a signal handler that introduces a race condition.

CWE-367Medium

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

CWE-391Medium

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

CWE-434Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-338Medium

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

CWE-910Medium

Use of Expired File Descriptor

The product uses or accesses a file descriptor after it has been closed.

CWE-469Medium

Use of Pointer Subtraction to Determine Size

The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.

CWE-908Medium

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CWE-128Medium

Wrap-around Error

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

CWE-379Low

Creation of Temporary File in Directory with Insecure Permissions

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

CWE-749Low

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

CWE-296Low

Improper Following of a Certificate's Chain of Trust

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.

CWE-641Low

Improper Restriction of Names for Files and Other Resources

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

CWE-483Low

Incorrect Block Delimitation

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.

CWE-253Low

Incorrect Check of Function Return Value

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

CWE-648Low

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

CWE-779Low

Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

CWE-262Low

Not Using Password Aging

The product does not have a mechanism in place for managing password aging.

CWE-197Low

Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

CWE-783Low

Operator Precedence Logic Error

The product uses an expression in which operator precedence causes incorrect logic to be used.

CWE-263Low

Password Aging with Long Expiration

The product supports password aging, but the expiration period is too long.

CWE-1037Low

Processor Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

CWE-188Low

Reliance on Data/Memory Layout

The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.

CWE-601Low

URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

CWE-252Low

Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Don't leave your security to chance

Get a free security assessment from our experts. We'll identify vulnerabilities and create a protection plan tailored to your business.

⚠️ Security Notice

This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. All processing happens client-side in your browser — no data is sent to our servers.