
CWE Definitions

| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 323 | Reusing a Nonce, Key Pair in Encryption | 1 |
| 325 | Missing Required Cryptographic Step | 1 |
| 334 | Small Space of Random Values | 1 |
| 349 | Acceptance of Extraneous Untrusted Data With Trusted Data | 1 |
| 359 | Privacy Violation | 1 |
| 364 | Signal Handler Race Condition | 1 |
| 398 | Indicator of Poor Code Quality | 1 |
| 406 | Insufficient Control of Network Message Volume (Network Amplification) | 1 |
| 42 | Path Equivalence: 'filename.' (Trailing Dot) | 1 |
| 435 | Interaction Error | 1 |
| 440 | Expected Behavior Violation | 1 |
| 457 | Use of Uninitialized Variable | 1 |
| 485 | Insufficient Encapsulation | 1 |
| 506 | Embedded Malicious Code | 1 |
| 507 | Trojan Horse | 1 |
| 523 | Unprotected Transport of Credentials | 1 |
| 525 | Information Leak Through Browser Caching | 1 |
| 527 | Exposure of CVS Repository to an Unauthorized Control Sphere | 1 |
| 539 | Information Leak Through Persistent Cookies | 1 |
| 540 | Information Leak Through Source Code | 1 |
| 567 | Unsynchronized Access to Shared Data | 1 |
| 573 | Failure to Follow Specification | 1 |
| 598 | Information Leak Through Query Strings in GET Request | 1 |
| 603 | Use of Client-Side Authentication | 1 |
| 620 | Unverified Password Change | 1 |
| 64 | Windows Shortcut Following (.LNK) | 1 |
| 644 | Improper Neutralization of HTTP Headers for Scripting Syntax | 1 |
| 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | 1 |
| 653 | Insufficient Compartmentalization | 1 |
| 684 | Failure to Provide Specified Functionality | 1 |
| 688 | Function Call With Incorrect Variable or Reference as Argument | 1 |
| 708 | Incorrect Ownership Assignment | 1 |
| 710 | Coding Standards Violation | 1 |
| 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | 1 |
| 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | 1 |
| 759 | Use of a One-Way Hash without a Salt | 1 |
| 760 | Use of a One-Way Hash with a Predictable Salt | 1 |
| 774 | Allocation of File Descriptors or Handles Without Limits or Throttling | 1 |
| 775 | Missing Release of File Descriptor or Handle after Effective Lifetime | 1 |
| 778 | Insufficient Logging | 1 |
| 807 | Reliance on Untrusted Inputs in a Security Decision | 1 |
| 87 | Failure to Sanitize Alternate XSS Syntax | 1 |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | 1 |
| 102 | Struts: Duplicate Validation Forms | |
| 103 | Struts: Incomplete validate() Method Definition | |
| 104 | Struts: Form Bean Does Not Extend Validation Class | |
| 105 | Struts: Form Field Without Validator | |
| 106 | Struts: Plug-in Framework not in Use | |
| 107 | Struts: Unused Validation Form | |
| 108 | Struts: Unvalidated Action Form | |

Total number of CWE definitions: 668 (page 5 of 14)
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.