Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions
CWE-648 Incorrect Use of Privileged APIs
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
CWE-650 Trusting HTTP Permission Methods on the Server Side
CWE-651 Exposure of WSDL File Containing Sensitive Information
CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CWE-653 Improper Isolation or Compartmentalization
CWE-654 Reliance on a Single Factor in a Security Decision
CWE-655 Insufficient Psychological Acceptability
CWE-656 Reliance on Security Through Obscurity
CWE-657 Violation of Secure Design Principles
CWE-662 Improper Synchronization
CWE-663 Use of a Non-reentrant Function in a Concurrent Context
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-665 Improper Initialization
CWE-666 Operation on Resource in Wrong Phase of Lifetime
CWE-667 Improper Locking
CWE-668 Exposure of Resource to Wrong Sphere
CWE-669 Incorrect Resource Transfer Between Spheres
CWE-670 Always-Incorrect Control Flow Implementation
CWE-671 Lack of Administrator Control over Security
CWE-672 Operation on a Resource after Expiration or Release
CWE-673 External Influence of Sphere Definition
CWE-674 Uncontrolled Recursion
CWE-675 Multiple Operations on Resource in Single-Operation Context
CWE-676 Use of Potentially Dangerous Function
CWE-680 Integer Overflow to Buffer Overflow
CWE-681 Incorrect Conversion between Numeric Types
CWE-682 Incorrect Calculation
CWE-683 Function Call With Incorrect Order of Arguments
CWE-684 Incorrect Provision of Specified Functionality
CWE-685 Function Call With Incorrect Number of Arguments
CWE-686 Function Call With Incorrect Argument Type
CWE-687 Function Call With Incorrectly Specified Argument Value
CWE-688 Function Call With Incorrect Variable or Reference as Argument
CWE-689 Permission Race Condition During Resource Copy
CWE-690 Unchecked Return Value to NULL Pointer Dereference
CWE-691 Insufficient Control Flow Management
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-693 Protection Mechanism Failure
CWE-694 Use of Multiple Resources with Duplicate Identifier
CWE-695 Use of Low-Level Functionality
CWE-696 Incorrect Behavior Order
CWE-697 Incorrect Comparison
CWE-698 Execution After Redirect (EAR)
CWE-703 Improper Check or Handling of Exceptional Conditions
CWE-704 Incorrect Type Conversion or Cast
CWE-705 Incorrect Control Flow Scoping
CWE-706 Use of Incorrectly-Resolved Name or Reference
CWE-707 Improper Neutralization
Found 668 CWE definitions
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.