DATASHEET
CWE Weakness Enforcement (2023)
ENFORCEMENT FOR KW 2024.2
CWE enforcement is measured against defined lists of weaknesses which do not all apply to every language.
2023 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
Rank | CWE ID | Description | Enforced C/C++ | Enforced C# | Enforced Java |
|---|---|---|---|---|---|
[1] | Out-of-bounds Write | Yes | Yes | No | |
[2] | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Yes | Yes | Yes | |
[3] | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Yes | Yes | Yes | |
[4] | Use After Free | Yes | Yes | No | |
[5] | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes | Yes | Yes | |
[6] | Improper Input Validation | Yes | Yes | Yes | |
[7] | Out-of-bounds Read | Yes | Yes | No | |
[8] | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Yes | Yes | Yes | |
[9] | Cross-Site Request Forgery (CSRF) | No | Yes | Yes | |
[10] | Unrestricted Upload of File with Dangerous Type | No | No | Yes | |
[11] | Missing Authorization | No | Yes | Yes | |
[12] | NULL Pointer Dereference | Yes | Yes | Yes | |
[13] | Improper Authentication | Yes | No | Yes | |
[14] | Integer Overflow or Wraparound | Yes | Yes | Yes | |
[15] | Deserialization of Untrusted Data | No | Yes | Yes | |
[16] | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Yes | No | No | |
[17] | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes | Yes | No | |
[18] | Use of Hard-coded Credentials | Yes | No | No | |
[19] | Server-Side Request Forgery (SSRF) | No | No | Yes | |
[20] | Missing Authentication for Critical Function | No | No | Yes | |
[21] | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Yes | No | No | |
[22] | Improper Privilege Management | Yes | Yes | Yes | |
[23] | Improper Control of Generation of Code ('Code Injection') | Yes | Yes | Yes | |
[24] | Incorrect Authorization | No | No | No | |
[25] | Incorrect Default Permissions | Yes | No | No |