CWE Top 25 Most Dangerous Software Weaknesses

GPTKB entity

Statements (46)
Predicate Object
gptkbp:instanceOf software security list
gptkbp:annualEvent true
gptkbp:basedOn gptkb:Common_Weakness_Enumeration
gptkbp:contains CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
CWE-201: Information Exposure through Sent Data
CWE-204: Response Discrepancy Information Exposure
CWE-20: Improper Input Validation
CWE-22: Path Traversal
CWE-269: Improper Privilege Management
CWE-276: Incorrect Default Permissions
CWE-287: Improper Authentication
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Race Condition
CWE-400: Uncontrolled Resource Consumption
CWE-416: Use After Free
CWE-476: NULL Pointer Dereference
CWE-502: Deserialization of Untrusted Data
CWE-522: Insufficiently Protected Credentials
CWE-77: Command Injection
CWE-787: Out-of-bounds Write
CWE-78: OS Command Injection
CWE-798: Use of Hard-coded Credentials
CWE-79: Cross-site Scripting (XSS)
CWE-862: Missing Authorization
CWE-89: SQL Injection
CWE-918: Server-Side Request Forgery (SSRF)
CWE-94: Code Injection
CWE-306: Missing Authentication for Critical Function
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-611: Improper Restriction of XML External Entity Reference (XXE)
CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
gptkbp:firstPublished 2010
gptkbp:focusesOn software vulnerabilities
https://www.w3.org/2000/01/rdf-schema#label CWE Top 25 Most Dangerous Software Weaknesses
gptkbp:publishedBy gptkb:MITRE_Corporation
gptkbp:usedBy software developers
security professionals
penetration testers
gptkbp:bfsParent gptkb:CWE-119
gptkb:CWE-862
gptkbp:bfsLayer 7