Common Weakness Enumeration — the root causes behind every CVE

CWE catalogs the root causes behind CVEs — SQL injection, XSS, broken auth, and 300+ others that keep showing up in security advisories. Each entry here covers how it happens, what it costs when someone exploits it, and the fix that actually closes it.

Showing 241–270 of 323 weaknesses

CWE-680

Integer Overflow to Buffer Overflow

This weakness occurs when a program calculates a buffer size using integer arithmetic, but an overflow in that calculation causes the result to wrap around to…

CWE-681

Incorrect Conversion between Numeric Types

This weakness occurs when software converts a value from one numeric type to another, for example from a larger integer to a smaller one, or from a…

CWE-682

Incorrect Calculation

Incorrect Calculation occurs when software performs a mathematical operation and produces a wrong result due to logic errors, type mismatches, overflow, or…

CWE-684

Incorrect Provision of Specified Functionality

This weakness occurs when software fails to implement a feature, security control, or behavior exactly as it was designed or specified to work. The gap between…

CWE-691

Insufficient Control Flow Management

This weakness occurs when an application fails to properly enforce the sequence or conditions under which operations should occur. An attacker can bypass…

CWE-693

Protection Mechanism Failure

This weakness occurs when software has access to a security control—such as input validation, authentication, encryption, or access checks—but either doesn't…

CWE-696

Incorrect Behavior Order

This weakness occurs when a software system performs security-critical operations in the wrong sequence, allowing an attacker to bypass checks or exploit a…

CWE-697

Incorrect Comparison

Incorrect comparison occurs when software uses the wrong operator, compares values of different types without proper conversion, or applies logic that doesn't…

CWE-703

Improper Check or Handling of Exceptional Conditions

This weakness occurs when software fails to properly detect, catch, or respond to error conditions and exceptional events during execution. When exceptions are…

CWE-704

Incorrect Type Conversion or Cast

Type conversion weaknesses occur when software converts data from one type to another in a way that produces unexpected or unsafe results. In loosely-typed…

CWE-706

Use of Incorrectly-Resolved Name or Reference

This weakness occurs when software attempts to access a resource by name or reference, but that name resolves to something other than what the developer…

CWE-707

Improper Neutralization

This weakness describes a failure to properly validate and sanitize structured data before passing it to another component or system. When software doesn't…

CWE-710

Improper Adherence to Coding Standards

This weakness describes code that violates established coding standards, conventions, or best practices — not because it's immediately broken, but because it…

CWE-732

Incorrect Permission Assignment for Critical Resource

This weakness occurs when a security-critical file, directory, or resource is created with overly permissive access controls, allowing unauthorized users to…

CWE-749

Exposed Dangerous Method or Function

This weakness occurs when software exposes a powerful or sensitive method, function, or API endpoint without adequate access controls or safety guardrails. An…

CWE-754

Improper Check for Unusual or Exceptional Conditions

This weakness occurs when code fails to anticipate and handle edge cases, error states, or unusual inputs that fall outside normal operation. Rather than…

CWE-755

Improper Handling of Exceptional Conditions

This weakness occurs when software fails to properly catch, log, or respond to errors and exceptional conditions. When exceptions go unhandled or are handled…

CWE-757

Selection of Less-Secure Algorithm During Negotiation

This weakness occurs when software chooses a weaker encryption algorithm, protocol version, or security mechanism during negotiation, even though stronger…

CWE-759

Use of a One-Way Hash without a Salt

This weakness occurs when a system hashes sensitive data, typically passwords, without adding a unique random value called a "salt" to each hash before…

CWE-760

Use of a One-Way Hash with a Predictable Salt

This weakness occurs when a system hashes sensitive data like passwords with a salt, but the salt itself is predictable or reused across multiple users. A salt…

CWE-770

Allocation of Resources Without Limits or Throttling

This weakness occurs when an application allocates resources—such as memory, disk space, network connections, or processing time—without enforcing any upper…

CWE-772

Missing Release of Resource after Effective Lifetime

This weakness occurs when a program acquires a resource—such as a file handle, database connection, network socket, or memory allocation—but fails to release…

CWE-776

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

This weakness occurs when an application parses XML documents without limiting how many times entity references can be nested or expanded. An attacker can…

CWE-778

Insufficient Logging

Insufficient logging occurs when an application fails to record security-relevant events or records them without enough detail to detect or investigate…

CWE-779

Logging of Excessive Data

This weakness occurs when an application logs too much information—particularly sensitive data like passwords, API keys, personal identifiers, or full…

CWE-787

Out-of-bounds Write

Out-of-bounds write occurs when a program writes data to a memory location outside the boundaries of an allocated buffer. This can corrupt adjacent memory…

CWE-788

Access of Memory Location After End of Buffer

This weakness occurs when software reads from or writes to memory beyond the boundaries of an allocated buffer. Unlike a classic buffer overflow that writes…

CWE-789

Memory Allocation with Excessive Size Value

This weakness occurs when a program allocates memory based on a size value that comes from untrusted input without proper validation. An attacker can supply an…

CWE-798

Use of Hard-coded Credentials

Hard-coded credentials are usernames, passwords, API keys, or cryptographic keys embedded directly in source code, configuration files, or compiled binaries…

CWE-799

Improper Control of Interaction Frequency

This weakness occurs when software fails to limit how often a user or automated system can perform a specific action—such as submitting a login attempt…
