Browse 10 Pillar level CWE entries. Highest-level weaknesses representing the most abstract categorization of software security issues.
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
The product compares two entities in a security-relevant context, but the comparison is incorrect.
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Get a free security assessment from our experts. We'll identify vulnerabilities and create a protection plan tailored to your business.
Continue with these related tools
This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. All processing happens client-side in your browser — no data is sent to our servers.