Cyber Resilience

CWE — cumulative coverage

666 of 969 CWE items carry authoritative control / attack-technique coverage. Each control's verdict is the strongest single inbound mapping; the bar shows the spread and the row shows how many sources (and from which frameworks) contribute. Authoritative mappings only.

Base
372/539 · 372 covered
CWE-770 Allocation of Resources Without Limits or Throttling · Full · 32 src · CAPEC 19, MITRE ATT&CK 7, DISA STIG Oracle Linux 8 2, DISA STIG Oracle Linux 9 2, DISA STIG Rhel 8 1, OWASP ASVS 5.0 1
CWE-308 Use of Single-factor Authentication · Full · 30 src · MITRE ATT&CK 13, CAPEC 13, OWASP ASVS 5.0 3, OWASP Web Top 10 (2025) 1
CWE-654 Reliance on a Single Factor in a Security Decision · Full · 29 src · MITRE ATT&CK 15, CAPEC 10, OWASP ASVS 5.0 1, DISA STIG Ubuntu 22 04 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1
CWE-829 Inclusion of Functionality from Untrusted Control Sphere · Full · 28 src · CAPEC 11, MITRE ATT&CK 8, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1, DISA STIG Windows 10 1
CWE-290 Authentication Bypass by Spoofing · Full · 27 src · MITRE ATT&CK 10, CAPEC 10, OWASP ASVS 5.0 3, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1
CWE-309 Use of Password System for Primary Authentication · Full · 25 src · CAPEC 12, MITRE ATT&CK 11, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1
CWE-521 Weak Password Requirements · Full · 24 src · MITRE ATT&CK 9, CAPEC 9, OWASP ASVS 5.0 3, DISA STIG Rhel 7 2, OWASP Web Top 10 (2025) 1
CWE-494 Download of Code Without Integrity Check · Full · 23 src · CAPEC 12, MITRE ATT&CK 4, DISA STIG Rhel 7 2, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 9 1
CWE-778 Insufficient Logging · Full · 23 src · NIST CSF 2.0 14, DISA STIG Rhel 8 4, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1
CWE-328 Use of Weak Hash · Full · 19 src · MITRE ATT&CK 8, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 2, CAPEC 2, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2022 1, DISA STIG Windows 10 1, DISA STIG Windows Server 2019 1
CWE-354 Improper Validation of Integrity Check Value · Full · 19 src · MITRE ATT&CK 9, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, DISA STIG Rhel 8 2, CAPEC 2, DISA STIG Oracle Linux 9 1, OWASP Web Top 10 (2025) 1
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') · Full · 19 src · OWASP ASVS 5.0 8, CAPEC 3, MITRE ATT&CK 2, DISA STIG Windows 10 1, OWASP Web Top 10 (2025) 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1
CWE-223 Omission of Security-relevant Information · Full · 17 src · NIST CSF 2.0 12, DISA STIG Ubuntu 22 04 2, DISA STIG Ubuntu 24 04 2, OWASP Web Top 10 (2025) 1
CWE-294 Authentication Bypass by Capture-replay · Full · 17 src · MITRE ATT&CK 8, CAPEC 6, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1
CWE-306 Missing Authentication for Critical Function · Full · 16 src · CAPEC 4, OWASP ASVS 5.0 3, DISA STIG Rhel 8 2, DISA STIG Rhel 7 2, DISA STIG Oracle Linux 8 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-353 Missing Support for Integrity Check · Full · 16 src · MITRE ATT&CK 4, CAPEC 4, OWASP ASVS 5.0 3, DISA STIG Oracle Linux 8 3, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 8 1
CWE-94 Improper Control of Generation of Code ('Code Injection') · Full · 16 src · MITRE ATT&CK 10, CAPEC 3, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1, NIST CSF 2.0 1
CWE-347 Improper Verification of Cryptographic Signature · Full · 15 src · MITRE ATT&CK 5, DISA STIG Oracle Linux 9 2, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1, CAPEC 1, OWASP Web Top 10 (2025) 1
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') · Full · 15 src · CAPEC 5, MITRE ATT&CK 5, OWASP ASVS 5.0 2, NIST CSF 2.0 2, OWASP Web Top 10 (2025) 1
CWE-288 Authentication Bypass Using an Alternate Path or Channel · Full · 14 src · DISA STIG Rhel 7 3, MITRE ATT&CK 3, DISA STIG Oracle Linux 9 2, DISA STIG Oracle Linux 8 2, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-307 Improper Restriction of Excessive Authentication Attempts · Full · 14 src · CAPEC 6, MITRE ATT&CK 5, DISA STIG Rhel 7 2, OWASP Web Top 10 (2025) 1
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') · Full · 14 src · CAPEC 5, MITRE ATT&CK 4, OWASP ASVS 5.0 2, NIST CSF 2.0 2, OWASP Web Top 10 (2025) 1
CWE-1188 Initialization of a Resource with an Insecure Default · Full · 13 src · MITRE ATT&CK 4, OWASP ASVS 5.0 2, DISA STIG Rhel 7 1, DISA STIG Windows Server 2019 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, CAPEC 1, DISA STIG Windows Server 2016 1, DISA STIG Oracle Linux 8 1
CWE-1241 Use of Predictable Algorithm in Random Number Generator · Full · 12 src · OWASP ASVS 5.0 4, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 8 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-1284 Improper Validation of Specified Quantity in Input · Full · 12 src · OWASP ASVS 5.0 7, MITRE ATT&CK 5
CWE-295 Improper Certificate Validation · Full · 12 src · DISA STIG Oracle Linux 8 3, MITRE ATT&CK 3, DISA STIG Rhel 7 2, DISA STIG Rhel 8 2, CAPEC 1, OWASP Web Top 10 (2025) 1
CWE-343 Predictable Value Range from Previous Values · Full · 12 src · OWASP ASVS 5.0 7, MITRE ATT&CK 4, DISA STIG Oracle Linux 8 1
CWE-940 Improper Verification of Source of a Communication Channel · Full · 12 src · MITRE ATT&CK 4, CAPEC 4, OWASP ASVS 5.0 3, OWASP Web Top 10 (2025) 1
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input · Full · 10 src · OWASP ASVS 5.0 5, MITRE ATT&CK 5
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') · Full · 10 src · MITRE ATT&CK 4, CAPEC 4, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-1282 Assumed-Immutable Data is Stored in Writable Memory · Full · 9 src · MITRE ATT&CK 7, CAPEC 2
CWE-1287 Improper Validation of Specified Type of Input · Full · 9 src · OWASP ASVS 5.0 5, MITRE ATT&CK 4
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') · Full · 9 src · CAPEC 5, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1, NIST CSF 2.0 1
CWE-302 Authentication Bypass by Assumed-Immutable Data · Full · 9 src · CAPEC 6, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-798 Use of Hard-coded Credentials · Full · 9 src · MITRE ATT&CK 5, CAPEC 2, OWASP Web Top 10 (2025) 1, NIST CSF 2.0 1
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') · Full · 9 src · CAPEC 5, NIST CSF 2.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation · Full · 8 src · DISA STIG Oracle Linux 8 2, DISA STIG Rhel 8 2, DISA STIG Oracle Linux 9 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1, CAPEC 1
CWE-209 Generation of Error Message Containing Sensitive Information · Full · 8 src · CAPEC 3, MITRE ATT&CK 3, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-419 Unprotected Primary Channel · Full · 8 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 2, DISA STIG Oracle Linux 9 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-426 Untrusted Search Path · Full · 8 src · MITRE ATT&CK 6, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') · Full · 8 src · OWASP ASVS 5.0 4, CAPEC 2, MITRE ATT&CK 1, OWASP Web Top 10 (2025) 1
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory · Full · 8 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, CAPEC 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1
CWE-565 Reliance on Cookies without Validation and Integrity Checking · Full · 8 src · MITRE ATT&CK 4, CAPEC 3, OWASP Web Top 10 (2025) 1
CWE-749 Exposed Dangerous Method or Function · Full · 8 src · DISA STIG Ubuntu 22 04 3, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1, MITRE ATT&CK 1, CAPEC 1, DISA STIG Ubuntu 24 04 1
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') · Full · 8 src · MITRE ATT&CK 5, OWASP ASVS 5.0 3
CWE-1295 Debug Messages Revealing Unnecessary Information · Full · 7 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1, CAPEC 1, DISA STIG Windows 10 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1
CWE-1392 Use of Default Credentials · Full · 7 src · MITRE ATT&CK 5, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-201 Insertion of Sensitive Information Into Sent Data · Full · 7 src · CAPEC 3, MITRE ATT&CK 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-208 Observable Timing Discrepancy · Full · 7 src · CAPEC 3, MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-296 Improper Following of a Certificate's Chain of Trust · Full · 7 src · MITRE ATT&CK 2, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1
CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) · Full · 7 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) · Full · 7 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Ubuntu 22 04 1, DISA STIG Rhel 8 1, MITRE ATT&CK 1
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition · Full · 7 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2, CAPEC 2
CWE-838 Inappropriate Encoding for Output Context · Full · 7 src · OWASP ASVS 5.0 4, MITRE ATT&CK 2, CAPEC 1
CWE-1104 Use of Unmaintained Third Party Components · Full · 6 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1, DISA STIG Oracle Linux 8 1, NIST CSF 2.0 1
CWE-1204 Generation of Weak Initialization Vector (IV) · Full · 6 src · OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1, CAPEC 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1, MITRE ATT&CK 1
CWE-134 Use of Externally-Controlled Format String · Full · 6 src · MITRE ATT&CK 4, CAPEC 2
CWE-23 Relative Path Traversal · Full · 6 src · MITRE ATT&CK 2, CAPEC 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-257 Storing Passwords in a Recoverable Format · Full · 6 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1, CAPEC 1
CWE-304 Missing Critical Step in Authentication · Full · 6 src · DISA STIG Rhel 7 2, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-319 Cleartext Transmission of Sensitive Information · Full · 6 src · CAPEC 4, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-524 Use of Cache Containing Sensitive Information · Full · 6 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1, CAPEC 1
CWE-603 Use of Client-Side Authentication · Full · 6 src · OWASP ASVS 5.0 4, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-76 Improper Neutralization of Equivalent Special Elements · Full · 6 src · MITRE ATT&CK 5, OWASP Web Top 10 (2025) 1
CWE-918 Server-Side Request Forgery (SSRF) · Full · 6 src · OWASP ASVS 5.0 3, CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') · Full · 6 src · CAPEC 2, MITRE ATT&CK 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-299 Improper Check for Certificate Revocation · Full · 5 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1
CWE-341 Predictable from Observable State · Full · 5 src · OWASP ASVS 5.0 3, MITRE ATT&CK 2
CWE-356 Product UI does not Warn User of Unsafe Actions · Full · 5 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1
CWE-425 Direct Request ('Forced Browsing') · Full · 5 src · CAPEC 3, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-502 Deserialization of Untrusted Data · Full · 5 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-523 Unprotected Transport of Credentials · Full · 5 src · DISA STIG Rhel 8 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1, CAPEC 1
CWE-611 Improper Restriction of XML External Entity Reference · Full · 5 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-613 Insufficient Session Expiration · Full · 5 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1
CWE-916 Use of Password Hash With Insufficient Computational Effort · Full · 5 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') · Full · 5 src · OWASP ASVS 5.0 3, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1236 Improper Neutralization of Formula Elements in a CSV File · Full · 4 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-1326 Missing Immutable Root of Trust in Hardware · Full · 4 src · MITRE ATT&CK 4
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine · Full · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-210 Self-generated Error Message Containing Sensitive Information · Full · 4 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-260 Password in Configuration File · Full · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1
CWE-289 Authentication Bypass by Alternate Name · Full · 4 src · OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, MITRE ATT&CK 1, DISA STIG Rhel 7 1
CWE-334 Small Space of Random Values · Full · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') · Full · 4 src · OWASP ASVS 5.0 1, CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') · Full · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') · Full · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') · Full · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-836 Use of Password Hash Instead of Password for Authentication · Full · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') · Full · 4 src · OWASP ASVS 5.0 1, CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-215 Insertion of Sensitive Information Into Debugging Code · Full · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-248 Uncaught Exception · Full · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-358 Improperly Implemented Security Check for Standard · Full · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-36 Absolute Path Traversal · Full · 3 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1, CAPEC 1
CWE-363 Race Condition Enabling Link Following · Full · 3 src · OWASP ASVS 5.0 1, CAPEC 1, MITRE ATT&CK 1
CWE-640 Weak Password Recovery Mechanism for Forgotten Password · Full · 3 src · OWASP Web Top 10 (2025) 1, CAPEC 1, OWASP ASVS 5.0 1
CWE-1327 Binding to an Unrestricted IP Address · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1333 Inefficient Regular Expression Complexity · Full · 2 src · MITRE ATT&CK 1, CAPEC 1
CWE-323 Reusing a Nonce, Key Pair in Encryption · Full · 2 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-620 Unverified Password Change · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-639 Authorization Bypass Through User-Controlled Key · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1024 Comparison of Incompatible Types · Full · 1 src · OWASP ASVS 5.0 1
CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings · Full · 1 src · OWASP Web Top 10 (2025) 1
CWE-390 Detection of Error Condition Without Action · Full · 1 src · OWASP Web Top 10 (2025) 1
CWE-391 Unchecked Error Condition · Full · 1 src · OWASP Web Top 10 (2025) 1
CWE-460 Improper Cleanup on Thrown Exception · Full · 1 src · OWASP Web Top 10 (2025) 1
CWE-549 Missing Password Field Masking · Full · 1 src · OWASP ASVS 5.0 1
CWE-15 External Control of System or Configuration Setting · Mostly · 21 src · MITRE ATT&CK 12, CAPEC 8, OWASP Web Top 10 (2025) 1
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer · Mostly · 19 src · MITRE ATT&CK 12, DISA STIG Oracle Linux 8 3, OWASP ASVS 5.0 2, DISA STIG Rhel 8 1, DISA STIG Oracle Linux 9 1
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') · Mostly · 17 src · CAPEC 12, MITRE ATT&CK 5
CWE-552 Files or Directories Accessible to External Parties · Mostly · 16 src · MITRE ATT&CK 11, CAPEC 2, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1
CWE-1220 Insufficient Granularity of Access Control · Mostly · 15 src · OWASP ASVS 5.0 5, MITRE ATT&CK 4, NIST CSF 2.0 2, CAPEC 2, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2022 1
CWE-250 Execution with Unnecessary Privileges · Mostly · 15 src · MITRE ATT&CK 4, CAPEC 3, OWASP ASVS 5.0 2, NIST CSF 2.0 1, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1
CWE-267 Privilege Defined With Unsafe Actions · Mostly · 15 src · MITRE ATT&CK 8, DISA STIG Ubuntu 22 04 3, CAPEC 2, DISA STIG Oracle Linux 9 1, OWASP ASVS 5.0 1
CWE-205 Observable Behavioral Discrepancy · Mostly · 14 src · MITRE ATT&CK 9, CAPEC 2, DISA STIG Oracle Linux 8 2, DISA STIG Oracle Linux 9 1
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor · Mostly · 14 src · MITRE ATT&CK 5, CAPEC 4, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1
CWE-204 Observable Response Discrepancy · Mostly · 13 src · MITRE ATT&CK 8, CAPEC 4, OWASP ASVS 5.0 1
CWE-226 Sensitive Information in Resource Not Removed Before Reuse · Mostly · 13 src · MITRE ATT&CK 6, OWASP ASVS 5.0 2, CAPEC 1, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1
CWE-348 Use of Less Trusted Source · Mostly · 13 src · MITRE ATT&CK 6, CAPEC 4, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 7 1
CWE-73 External Control of File Name or Path · Mostly · 13 src · CAPEC 8, MITRE ATT&CK 3, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-213 Exposure of Sensitive Information Due to Incompatible Policies · Mostly · 12 src · MITRE ATT&CK 6, OWASP ASVS 5.0 4, DISA STIG Ubuntu 24 04 1, DISA STIG Windows Server 2019 1
CWE-276 Incorrect Default Permissions · Mostly · 12 src · MITRE ATT&CK 4, DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 2, DISA STIG Windows Server 2022 2, CAPEC 1, OWASP Web Top 10 (2025) 1
CWE-312 Cleartext Storage of Sensitive Information · Mostly · 12 src · MITRE ATT&CK 6, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1, CAPEC 1, OWASP ASVS 5.0 1
CWE-427 Uncontrolled Search Path Element · Mostly · 12 src · MITRE ATT&CK 8, CAPEC 2, DISA STIG Oracle Linux 8 1, OWASP Web Top 10 (2025) 1
CWE-266 Incorrect Privilege Assignment · Mostly · 11 src · DISA STIG Ubuntu 24 04 2, DISA STIG Ubuntu 22 04 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere · Mostly · 11 src · CAPEC 2, DISA STIG Oracle Linux 8 2, MITRE ATT&CK 2, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, OWASP ASVS 5.0 1
CWE-123 Write-what-where Condition · Mostly · 10 src · MITRE ATT&CK 6, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1
CWE-179 Incorrect Behavior Order: Early Validation · Mostly · 10 src · OWASP ASVS 5.0 6, CAPEC 3, MITRE ATT&CK 1
CWE-184 Incomplete List of Disallowed Inputs · Mostly · 10 src · CAPEC 8, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-268 Privilege Chaining · Mostly · 10 src · MITRE ATT&CK 4, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, DISA STIG Windows 10 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1
CWE-325 Missing Cryptographic Step · Mostly · 10 src · DISA STIG Oracle Linux 8 2, DISA STIG Rhel 8 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, DISA STIG Oracle Linux 9 1, OWASP Web Top 10 (2025) 1, CAPEC 1, DISA STIG Rhel 7 1, MITRE ATT&CK 1
CWE-331 Insufficient Entropy · Mostly · 10 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1, CAPEC 1, OWASP ASVS 5.0 1
CWE-471 Modification of Assumed-Immutable Data (MAID) · Mostly · 10 src · CAPEC 5, MITRE ATT&CK 4, DISA STIG Windows 10 1
CWE-1269 Product Released in Non-Release Configuration · Mostly · 9 src · MITRE ATT&CK 6, DISA STIG Rhel 7 1, DISA STIG Oracle Linux 8 1, CAPEC 1
CWE-1050 Excessive Platform Resource Consumption within a Loop · Mostly · 8 src · MITRE ATT&CK 3, OWASP ASVS 5.0 3, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1
CWE-1125 Excessive Attack Surface · Mostly · 8 src · DISA STIG Rhel 7 2, OWASP Web Top 10 (2025) 2, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 8 1, MITRE ATT&CK 1
CWE-1286 Improper Validation of Syntactic Correctness of Input · Mostly · 8 src · OWASP ASVS 5.0 5, CAPEC 2, MITRE ATT&CK 1
CWE-130 Improper Handling of Length Parameter Inconsistency · Mostly · 8 src · MITRE ATT&CK 4, OWASP ASVS 5.0 2, CAPEC 1, OWASP Web Top 10 (2025) 1
CWE-805 Buffer Access with Incorrect Length Value · Mostly · 8 src · MITRE ATT&CK 5, CAPEC 2, OWASP ASVS 5.0 1
CWE-823 Use of Out-of-range Pointer Offset · Mostly · 8 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1, CAPEC 1, DISA STIG Windows 10 1
CWE-842 Placement of User into Incorrect Group · Mostly · 8 src · DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 2, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2022 1, MITRE ATT&CK 1
CWE-1021 Improper Restriction of Rendered UI Layers or Frames · Mostly · 7 src · CAPEC 5, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1230 Exposure of Sensitive Information Through Metadata · Mostly · 7 src · OWASP ASVS 5.0 4, MITRE ATT&CK 3
CWE-1289 Improper Validation of Unsafe Equivalence in Input · Mostly · 7 src · OWASP ASVS 5.0 6, MITRE ATT&CK 1
CWE-131 Incorrect Calculation of Buffer Size · Mostly · 7 src · MITRE ATT&CK 5, CAPEC 2
CWE-183 Permissive List of Allowed Inputs · Mostly · 7 src · CAPEC 4, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-281 Improper Preservation of Permissions · Mostly · 7 src · MITRE ATT&CK 3, DISA STIG Windows Server 2022 2, DISA STIG Windows Server 2019 1, OWASP Web Top 10 (2025) 1
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data · Mostly · 7 src · CAPEC 3, OWASP ASVS 5.0 2, DISA STIG Oracle Linux 8 1, MITRE ATT&CK 1
CWE-437 Incomplete Model of Endpoint Features · Mostly · 7 src · MITRE ATT&CK 5, NIST CSF 2.0 2
CWE-454 External Initialization of Trusted Variables or Data Stores · Mostly · 7 src · OWASP ASVS 5.0 4, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking · Mostly · 7 src · DISA STIG Rhel 8 2, MITRE ATT&CK 2, OWASP ASVS 5.0 1, CAPEC 1, DISA STIG Oracle Linux 9 1
CWE-787 Out-of-bounds Write · Mostly · 7 src · MITRE ATT&CK 7
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') · Mostly · 7 src · CAPEC 4, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-117 Improper Output Neutralization for Logs · Mostly · 6 src · CAPEC 3, OWASP Web Top 10 (2025) 2, MITRE ATT&CK 1
CWE-124 Buffer Underwrite ('Buffer Underflow') · Mostly · 6 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1
CWE-128 Wrap-around Error · Mostly · 6 src · MITRE ATT&CK 5, CAPEC 1
CWE-1329 Reliance on Component That is Not Updateable · Mostly · 6 src · MITRE ATT&CK 5, OWASP Web Top 10 (2025) 1
CWE-190 Integer Overflow or Wraparound · Mostly · 6 src · MITRE ATT&CK 4, CAPEC 1, OWASP ASVS 5.0 1
CWE-261 Weak Encoding for Password · Mostly · 6 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 2
CWE-280 Improper Handling of Insufficient Permissions or Privileges · Mostly · 6 src · DISA STIG Rhel 9 2, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1
CWE-305 Authentication Bypass by Primary Weakness · Mostly · 6 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, MITRE ATT&CK 1
CWE-366 Race Condition within a Thread · Mostly · 6 src · OWASP ASVS 5.0 3, CAPEC 2, MITRE ATT&CK 1
CWE-368 Context Switching Race Condition · Mostly · 6 src · MITRE ATT&CK 3, CAPEC 2, OWASP ASVS 5.0 1
CWE-434 Unrestricted Upload of File with Dangerous Type · Mostly · 6 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-472 External Control of Assumed-Immutable Web Parameter · Mostly · 6 src · CAPEC 4, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-532 Insertion of Sensitive Information into Log File · Mostly · 6 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-786 Access of Memory Location Before Start of Buffer · Mostly · 6 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1
CWE-788 Access of Memory Location After End of Buffer · Mostly · 6 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1
CWE-115 Misinterpretation of Input · Mostly · 5 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1
CWE-1173 Improper Use of Validation Framework · Mostly · 5 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2
CWE-1190 DMA Device Enabled Too Early in Boot Phase · Mostly · 5 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-1247 Improper Protection Against Voltage and Clock Glitches · Mostly · 5 src · MITRE ATT&CK 3, CAPEC 2
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code · Mostly · 5 src · CAPEC 2, MITRE ATT&CK 2, NIST CSF 2.0 1
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface · Mostly · 5 src · CAPEC 2, OWASP Web Top 10 (2025) 1, NIST CSF 2.0 1, MITRE ATT&CK 1
CWE-191 Integer Underflow (Wrap or Wraparound) · Mostly · 5 src · MITRE ATT&CK 5
CWE-242 Use of Inherently Dangerous Function · Mostly · 5 src · MITRE ATT&CK 5
CWE-342 Predictable Exact Value from Previous Values · Mostly · 5 src · MITRE ATT&CK 2, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1
CWE-408 Incorrect Behavior Order: Early Amplification · Mostly · 5 src · MITRE ATT&CK 5
CWE-59 Improper Link Resolution Before File Access ('Link Following') · Mostly · 5 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-91 XML Injection (aka Blind XPath Injection) · Mostly · 5 src · CAPEC 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes · Mostly · 5 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel · Mostly · 5 src · DISA STIG Oracle Linux 8 4, MITRE ATT&CK 1
CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State · Mostly · 4 src · OWASP ASVS 5.0 4
CWE-1288 Improper Validation of Consistency within Input · Mostly · 4 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2
CWE-1325 Improperly Controlled Sequential Memory Allocation · Mostly · 4 src · MITRE ATT&CK 2, CAPEC 1, OWASP ASVS 5.0 1
CWE-303 Incorrect Implementation of Authentication Algorithm · Mostly · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-322 Key Exchange without Entity Authentication · Mostly · 4 src · OWASP Web Top 10 (2025) 2, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-344 Use of Invariant Value in Dynamically Changing Context · Mostly · 4 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-379 Creation of Temporary File in Directory with Insecure Permissions · Mostly · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1
CWE-386 Symbolic Name not Mapping to Correct Object · Mostly · 4 src · MITRE ATT&CK 4
CWE-489 Active Debug Code · Mostly · 4 src · CAPEC 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-507 Trojan Horse · Mostly · 4 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 9 1
CWE-540 Inclusion of Sensitive Information in Source Code · Mostly · 4 src · MITRE ATT&CK 4
CWE-708 Incorrect Ownership Assignment · Mostly · 4 src · MITRE ATT&CK 3, DISA STIG Rhel 7 1
CWE-756 Missing Custom Error Page · Mostly · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-807 Reliance on Untrusted Inputs in a Security Decision · Mostly · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-1049 Excessive Data Query Operations in a Large Data Table · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-1242 Inclusion of Undocumented Features or Chicken Bits · Mostly · 3 src · CAPEC 2, OWASP ASVS 5.0 1
CWE-1262 Improper Access Control for Register Interface · Mostly · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-1393 Use of Default Password · Mostly · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-214 Invocation of Process Using Visible Sensitive Information · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-256 Plaintext Storage of a Password · Mostly · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-283 Unverified Ownership · Mostly · 3 src · OWASP Web Top 10 (2025) 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1
CWE-357 Insufficient UI Warning of Dangerous Operations · Mostly · 3 src · MITRE ATT&CK 3
CWE-412 Unrestricted Externally Accessible Lock · Mostly · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-420 Unprotected Alternate Channel · Mostly · 3 src · MITRE ATT&CK 3
CWE-466 Return of Pointer Value Outside of Expected Range · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') · Mostly · 3 src · CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-606 Unchecked Input for Loop Condition · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-779 Logging of Excessive Data · Mostly · 3 src · NIST CSF 2.0 3
CWE-1254 Incorrect Comparison Logic Granularity · Mostly · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-1310 Missing Ability to Patch ROM Code · Mostly · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-1328 Security Version Number Mutable to Older Versions · Mostly · 2 src · MITRE ATT&CK 1, CAPEC 1
CWE-1431 Driving Intermediate Cryptographic State/Results to Hardware Module Outputs · Mostly · 2 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-252 Unchecked Return Value · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-324 Use of a Key Past its Expiration Date · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-360 Trust of System Event Data · Mostly · 2 src · MITRE ATT&CK 2
CWE-369 Divide By Zero · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-396 Declaration of Catch for Generic Exception · Mostly · 2 src · OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) · Mostly · 2 src · MITRE ATT&CK 2
CWE-515 Covert Storage Channel · Mostly · 2 src · MITRE ATT&CK 2
CWE-617 Reachable Assertion · Mostly · 2 src · MITRE ATT&CK 2
CWE-694 Use of Multiple Resources with Duplicate Identifier · Mostly · 2 src · OWASP ASVS 5.0 2
CWE-833 Deadlock · Mostly · 2 src · OWASP ASVS 5.0 1, CAPEC 1
CWE-837 Improper Enforcement of a Single, Unique Action · Mostly · 2 src · OWASP ASVS 5.0 2
CWE-1052 Excessive Use of Hard-Coded Literals in Initialization · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-1209 Failure to Disable Reserved Bits · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-1280 Access Control Check Implemented After Asset is Accessed · Mostly · 1 src · MITRE ATT&CK 1
CWE-1429 Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-211 Externally-Generated Error Message Containing Sensitive Information · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-222 Truncation of Security-relevant Information · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-224 Obscured Security-relevant Information by Alternate Name · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-301 Reflection Attack in an Authentication Protocol · Mostly · 1 src · CAPEC 1
CWE-364 Signal Handler Race Condition · Mostly · 1 src · MITRE ATT&CK 1
CWE-394 Unexpected Status Code or Return Value · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-397 Declaration of Throws for Generic Exception · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-428 Unquoted Search Path or Element · Mostly · 1 src · MITRE ATT&CK 1
CWE-450 Multiple Interpretations of UI Input · Mostly · 1 src · MITRE ATT&CK 1
CWE-501 Trust Boundary Violation · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-544 Missing Standardized Error Handling Mechanism · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-612 Improper Authorization of Index Containing Sensitive Information · Mostly · 1 src · MITRE ATT&CK 1
CWE-624 Executable Regular Expression Error · Mostly · 1 src · MITRE ATT&CK 1
CWE-791 Incomplete Filtering of Special Elements · Mostly · 1 src · MITRE ATT&CK 1
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection · Partial · 8 src · MITRE ATT&CK 6, CAPEC 2
CWE-263 Password Aging with Long Expiration · Partial · 8 src · CAPEC 5, MITRE ATT&CK 3
CWE-270 Privilege Context Switching Error · Partial · 8 src · MITRE ATT&CK 4, CAPEC 2, DISA STIG Ubuntu 22 04 1, OWASP ASVS 5.0 1
CWE-262 Not Using Password Aging · Partial · 7 src · CAPEC 4, MITRE ATT&CK 3
CWE-509 Replicating Malicious Code (Virus or Worm) · Partial · 7 src · DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1, DISA STIG Oracle Linux 8 1, MITRE ATT&CK 1
CWE-1112 Incomplete Documentation of Program Execution · Partial · 6 src · OWASP ASVS 5.0 6
CWE-125 Out-of-bounds Read · Partial · 6 src · MITRE ATT&CK 5, CAPEC 1
CWE-1332 Improper Handling of Faults that Lead to Instruction Skips · Partial · 6 src · MITRE ATT&CK 4, CAPEC 2
CWE-822 Untrusted Pointer Dereference · Partial · 6 src · MITRE ATT&CK 5, CAPEC 1
CWE-1256 Improper Restriction of Software Interfaces to Hardware Features · Partial · 5 src · CAPEC 2, NIST CSF 2.0 2, MITRE ATT&CK 1
CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information · Partial · 5 src · CAPEC 2, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1
CWE-1283 Mutable Attestation or Measurement Reporting Data · Partial · 5 src · MITRE ATT&CK 4, CAPEC 1
CWE-188 Reliance on Data/Memory Layout · Partial · 5 src · MITRE ATT&CK 5
CWE-193 Off-by-one Error · Partial · 5 src · MITRE ATT&CK 5
CWE-237 Improper Handling of Structural Elements · Partial · 5 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1
CWE-272 Least Privilege Violation · Partial · 5 src · CAPEC 1, DISA STIG Ubuntu 24 04 1, DISA STIG Windows 10 1, DISA STIG Windows Server 2022 1, MITRE ATT&CK 1
CWE-274 Improper Handling of Insufficient Privileges · Partial · 5 src · DISA STIG Oracle Linux 9 2, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-372 Incomplete Internal State Distinction · Partial · 5 src · MITRE ATT&CK 3, CAPEC 2
CWE-681 Incorrect Conversion between Numeric Types · Partial · 5 src · MITRE ATT&CK 5
CWE-824 Access of Uninitialized Pointer · Partial · 5 src · MITRE ATT&CK 5
CWE-825 Expired Pointer Dereference · Partial · 5 src · MITRE ATT&CK 5
CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-1067 Excessive Execution of Sequential Searches of Data Resource · Partial · 4 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2
CWE-1068 Inconsistency Between Implementation and Documented Design · Partial · 4 src · DISA STIG Rhel 7 2, DISA STIG Oracle Linux 8 1, OWASP ASVS 5.0 1
CWE-1191 On-Chip Debug and Test Interface With Improper Access Control · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-1224 Improper Restriction of Write-Once Bit Fields · Partial · 4 src · MITRE ATT&CK 2, CAPEC 1, NIST CSF 2.0 1
CWE-1231 Improper Prevention of Lock Bit Modification · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents · Partial · 4 src · MITRE ATT&CK 2, CAPEC 1, NIST CSF 2.0 1
CWE-1270 Generation of Incorrect Security Tokens · Partial · 4 src · CAPEC 2, MITRE ATT&CK 2
CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition · Partial · 4 src · CAPEC 2, MITRE ATT&CK 2
CWE-1323 Improper Management of Sensitive Trace Data · Partial · 4 src · CAPEC 2, MITRE ATT&CK 2
CWE-167 Improper Handling of Additional Special Element · Partial · 4 src · MITRE ATT&CK 4
CWE-203 Observable Discrepancy · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-241 Improper Handling of Unexpected Data Type · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-676 Use of Potentially Dangerous Function · Partial · 4 src · MITRE ATT&CK 4
CWE-921 Storage of Sensitive Data in a Mechanism without Access Control · Partial · 4 src · MITRE ATT&CK 4
CWE-112 Missing XML Validation · Partial · 3 src · CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1221 Incorrect Register Defaults or Module Parameters · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges · Partial · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels · Partial · 3 src · CAPEC 2, OWASP Web Top 10 (2025) 1
CWE-1301 Insufficient or Incomplete Data Removal within Hardware Component · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall · Partial · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context · Partial · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-135 Incorrect Calculation of Multi-Byte String Length · Partial · 3 src · MITRE ATT&CK 3
CWE-140 Improper Neutralization of Delimiters · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-170 Improper Null Termination · Partial · 3 src · MITRE ATT&CK 3
CWE-197 Numeric Truncation Error · Partial · 3 src · MITRE ATT&CK 3
CWE-351 Insufficient Type Distinction · Partial · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-378 Creation of Temporary File With Insecure Permissions · Partial · 3 src · MITRE ATT&CK 3
CWE-41 Improper Resolution of Path Equivalence · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-459 Incomplete Cleanup · Partial · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-468 Incorrect Pointer Scaling · Partial · 3 src · MITRE ATT&CK 3
CWE-476 NULL Pointer Dereference · Partial · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-508 Non-Replicating Malicious Code · Partial · 3 src · DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1
CWE-648 Incorrect Use of Privileged APIs · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-763 Release of Invalid Pointer or Reference · Partial · 3 src · MITRE ATT&CK 3
CWE-804 Guessable CAPTCHA · Partial · 3 src · MITRE ATT&CK 3
CWE-826 Premature Release of Resource During Expected Lifetime · Partial · 3 src · MITRE ATT&CK 3
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') · Partial · 3 src · MITRE ATT&CK 3
CWE-911 Improper Update of Reference Count · Partial · 3 src · MITRE ATT&CK 3
CWE-1108 Excessive Reliance on Global Variables · Partial · 2 src · OWASP ASVS 5.0 2
CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques · Partial · 2 src · CAPEC 2
CWE-1291 Public Key Re-Use for Signing both Debug and Production Code · Partial · 2 src · MITRE ATT&CK 2
CWE-1300 Improper Protection of Physical Side Channels · Partial · 2 src · CAPEC 2
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) · Partial · 2 src · CAPEC 2
CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-1386 Insecure Operation on Windows Junction / Mount Point · Partial · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-1394 Use of Default Cryptographic Key · Partial · 2 src · MITRE ATT&CK 2
CWE-178 Improper Handling of Case Sensitivity · Partial · 2 src · MITRE ATT&CK 2
CWE-182 Collapse of Data into Unsafe Value · Partial · 2 src · MITRE ATT&CK 2
CWE-202 Exposure of Sensitive Information Through Data Queries · Partial · 2 src · MITRE ATT&CK 2
CWE-233 Improper Handling of Parameters · Partial · 2 src · MITRE ATT&CK 2
CWE-273 Improper Check for Dropped Privileges · Partial · 2 src · MITRE ATT&CK 2
CWE-385 Covert Timing Channel · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-430 Deployment of Wrong Handler · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-449 The UI Performs the Wrong Action · Partial · 2 src · DISA STIG Ubuntu 22 04 1, MITRE ATT&CK 1
CWE-511 Logic/Time Bomb · Partial · 2 src · MITRE ATT&CK 2
CWE-645 Overly Restrictive Account Lockout Mechanism · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-772 Missing Release of Resource after Effective Lifetime · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-821 Incorrect Synchronization · Partial · 2 src · MITRE ATT&CK 2
CWE-1051 Initialization with Hard-Coded Network Resource Configuration Data · Partial · 1 src · NIST CSF 2.0 1
CWE-1053 Missing Documentation for Design · Partial · 1 src · OWASP ASVS 5.0 1
CWE-1057 Data Access Operations Outside of Expected Data Manager Component · Partial · 1 src · MITRE ATT&CK 1
CWE-1060 Excessive Number of Inefficient Server-Side Data Accesses · Partial · 1 src · OWASP ASVS 5.0 1
CWE-1066 Missing Serialization Control Element · Partial · 1 src · MITRE ATT&CK 1
CWE-1072 Data Resource Access without Use of Connection Pooling · Partial · 1 src · MITRE ATT&CK 1
CWE-1088 Synchronous Access of Remote Resource without Timeout · Partial · 1 src · MITRE ATT&CK 1
CWE-1100 Insufficient Isolation of System-Dependent Functions · Partial · 1 src · DISA STIG Oracle Linux 9 1
CWE-1106 Insufficient Use of Symbolic Constants · Partial · 1 src · OWASP ASVS 5.0 1
CWE-1109 Use of Same Variable for Multiple Purposes · Partial · 1 src · OWASP ASVS 5.0 1
CWE-1118 Insufficient Documentation of Error Handling Techniques · Partial · 1 src · OWASP ASVS 5.0 1
CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) · Partial · 1 src · CAPEC 1
CWE-1223 Race Condition for Write-Once Attributes · Partial · 1 src · CAPEC 1
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks · Partial · 1 src · CAPEC 1
CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State · Partial · 1 src · CAPEC 1
CWE-1246 Improper Write Handling in Limited-write Non-Volatile Memories · Partial · 1 src · CAPEC 1
CWE-1253 Incorrect Selection of Fuse Values · Partial · 1 src · CAPEC 1
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions · Partial · 1 src · CAPEC 1
CWE-1259 Improper Restriction of Security Token Assignment · Partial · 1 src · CAPEC 1
CWE-1273 Device Unlock Credential Sharing · Partial · 1 src · NIST CSF 2.0 1
CWE-1277 Firmware Not Updateable · Partial · 1 src · NIST CSF 2.0 1
CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready · Partial · 1 src · CAPEC 1
CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior · Partial · 1 src · CAPEC 1
CWE-1298 Hardware Logic Contains Race Conditions · Partial · 1 src · CAPEC 1
CWE-1303 Non-Transparent Sharing of Microarchitectural Resources · Partial · 1 src · CAPEC 1
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation · Partial · 1 src · CAPEC 1
CWE-1314 Missing Write Protection for Parametric Data Values · Partial · 1 src · CAPEC 1
CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges · Partial · 1 src · CAPEC 1
CWE-1320 Improper Protection for Outbound Error Messages and Alert Signals · Partial · 1 src · MITRE ATT&CK 1
CWE-1342 Information Exposure through Microarchitectural State after Transient Execution · Partial · 1 src · CAPEC 1
CWE-1426 Improper Validation of Generative AI Output · Partial · 1 src · NIST CSF 2.0 1
CWE-168 Improper Handling of Inconsistent Special Elements · Partial · 1 src · MITRE ATT&CK 1
CWE-186 Overly Restrictive Regular Expression · Partial · 1 src · MITRE ATT&CK 1
CWE-421 Race Condition During Access to Alternate Channel · Partial · 1 src · MITRE ATT&CK 1
CWE-469 Use of Pointer Subtraction to Determine Size · Partial · 1 src · MITRE ATT&CK 1
CWE-478 Missing Default Case in Multiple Condition Expression · Partial · 1 src · OWASP Web Top 10 (2025) 1
CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization · Partial · 1 src · MITRE ATT&CK 1
CWE-562 Return of Stack Variable Address · Partial · 1 src · MITRE ATT&CK 1
CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context · Partial · 1 src · MITRE ATT&CK 1
CWE-625 Permissive Regular Expression · Partial · 1 src · MITRE ATT&CK 1
CWE-641 Improper Restriction of Names for Files and Other Resources · Partial · 1 src · MITRE ATT&CK 1
CWE-66 Improper Handling of File Names that Identify Virtual Resources · Partial · 1 src · MITRE ATT&CK 1
CWE-695 Use of Low-Level Functionality · Partial · 1 src · CAPEC 1
CWE-698 Execution After Redirect (EAR) · Partial · 1 src · MITRE ATT&CK 1
CWE-771 Missing Reference to Active Allocated Resource · Partial · 1 src · MITRE ATT&CK 1
CWE-820 Missing Synchronization · Partial · 1 src · MITRE ATT&CK 1
CWE-908 Use of Uninitialized Resource · Partial · 1 src · MITRE ATT&CK 1
Variant
184/299 · 184 covered
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) · Full · 11 src · OWASP ASVS 5.0 4, MITRE ATT&CK 3, CAPEC 3, OWASP Web Top 10 (2025) 1
CWE-258 Empty Password in Configuration File · Full · 10 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 2, DISA STIG Oracle Linux 9 2, DISA STIG Rhel 7 2, OWASP Web Top 10 (2025) 1
CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG) · Full · 9 src · OWASP ASVS 5.0 3, DISA STIG Oracle Linux 8 3, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-416 Use After Free · Full · 9 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1, DISA STIG Rhel 9 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1
CWE-539 Use of Persistent Cookies Containing Sensitive Information · Full · 9 src · MITRE ATT&CK 4, CAPEC 4, OWASP Web Top 10 (2025) 1
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') · Full · 9 src · MITRE ATT&CK 6, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') · Full · 8 src · OWASP ASVS 5.0 3, CAPEC 3, MITRE ATT&CK 1, OWASP Web Top 10 (2025) 1
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize · Full · 8 src · CAPEC 6, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-313 Cleartext Storage in a File or on Disk · Full · 8 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1
CWE-333 Improper Handling of Insufficient Entropy in TRNG · Full · 8 src · DISA STIG Oracle Linux 8 3, OWASP ASVS 5.0 2, DISA STIG Rhel 8 2, DISA STIG Oracle Linux 9 1
CWE-122 Heap-based Buffer Overflow · Full · 7 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1, CAPEC 1
CWE-646 Reliance on File Name or Extension of Externally-Supplied File · Full · 7 src · MITRE ATT&CK 6, OWASP Web Top 10 (2025) 1
CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision · Full · 7 src · MITRE ATT&CK 5, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-332 Insufficient Entropy in PRNG · Full · 6 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1, MITRE ATT&CK 1
CWE-525 Use of Web Browser Cache Containing Sensitive Information · Full · 6 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2, CAPEC 1, OWASP Web Top 10 (2025) 1
CWE-553 Command Shell in Externally Accessible Directory · Full · 6 src · MITRE ATT&CK 5, CAPEC 1
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute · Full · 6 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-83 Improper Neutralization of Script in Attributes in a Web Page · Full · 6 src · CAPEC 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains · Full · 6 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') · Full · 5 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1, CAPEC 1
CWE-146 Improper Neutralization of Expression/Command Delimiters · Full · 5 src · MITRE ATT&CK 2, CAPEC 2, OWASP Web Top 10 (2025) 1
CWE-291 Reliance on IP Address for Authentication · Full · 5 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-57 Path Equivalence: 'fakedir/../realdir/filename' · Full · 5 src · OWASP ASVS 5.0 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream · Full · 5 src · MITRE ATT&CK 4, CAPEC 1
CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page · Full · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, NIST CSF 2.0 1
CWE-321 Use of Hard-coded Cryptographic Key · Full · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-527 Exposure of Version-Control Repository to an Unauthorized Control Sphere · Full · 4 src · MITRE ATT&CK 4
CWE-550 Server-generated Error Message Containing Sensitive Information · Full · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-598 Use of HTTP Request With Sensitive Query String · Full · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions · Full · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-759 Use of a One-Way Hash without a Salt · Full · 4 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1
CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page · Full · 4 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-105 Struts: Form Field Without Validator · Full · 3 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1
CWE-11 ASP.NET Misconfiguration: Creating Debug Binary · Full · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1275 Sensitive Cookie with Improper SameSite Attribute · Full · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-339 Small Seed Space in PRNG · Full · 3 src · OWASP ASVS 5.0 2, MITRE ATT&CK 1
CWE-37 Path Traversal: '/absolute/pathname/here' · Full · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-38 Path Traversal: '\absolute\pathname\here' · Full · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption · Full · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-564 SQL Injection: Hibernate · Full · 3 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1, CAPEC 1
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length · Full · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-760 Use of a One-Way Hash with a Predictable Salt · Full · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-81 Improper Neutralization of Script in an Error Message Web Page · Full · 3 src · OWASP ASVS 5.0 1, CAPEC 1, MITRE ATT&CK 1
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page · Full · 3 src · CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') · Full · 3 src · CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1174 ASP.NET Misconfiguration: Improper Model Validation · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-1385 Missing Origin Validation in WebSockets · Full · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-187 Partial String Comparison · Full · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-39 Path Traversal: 'C:dirname' · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-537 Java Runtime Error Message Containing Sensitive Information · Full · 2 src · OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key · Full · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-774 Allocation of File Descriptors or Handles Without Limits or Throttling · Full · 2 src · MITRE ATT&CK 2
CWE-780 Use of RSA Algorithm without OAEP · Full · 2 src · OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1
CWE-87 Improper Neutralization of Alternate XSS Syntax · Full · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-109 Struts: Validator Turned Off · Full · 1 src · OWASP ASVS 5.0 1
CWE-13 ASP.NET Misconfiguration: Password in Configuration File · Full · 1 src · OWASP Web Top 10 (2025) 1
CWE-597 Use of Wrong Operator in String Comparison · Full · 1 src · OWASP ASVS 5.0 1
CWE-277 Insecure Inherited Permissions · Mostly · 9 src · MITRE ATT&CK 4, DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 2, DISA STIG Windows Server 2022 1
CWE-318 Cleartext Storage of Sensitive Information in Executable · Mostly · 8 src · MITRE ATT&CK 3, CAPEC 2, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1
CWE-142 Improper Neutralization of Value Delimiters · Mostly · 6 src · MITRE ATT&CK 5, OWASP ASVS 5.0 1
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences · Mostly · 6 src · CAPEC 4, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-207 Observable Behavioral Discrepancy With Equivalent Products · Mostly · 6 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2, DISA STIG Oracle Linux 8 1
CWE-259 Use of Hard-coded Password · Mostly · 6 src · MITRE ATT&CK 5, OWASP Web Top 10 (2025) 1
CWE-315 Cleartext Storage of Sensitive Information in a Cookie · Mostly · 6 src · CAPEC 4, MITRE ATT&CK 2
CWE-415 Double Free · Mostly · 6 src · MITRE ATT&CK 5, DISA STIG Oracle Linux 8 1
CWE-153 Improper Neutralization of Substitution Characters · Mostly · 5 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2
CWE-314 Cleartext Storage in the Registry · Mostly · 5 src · MITRE ATT&CK 3, CAPEC 1, DISA STIG Oracle Linux 8 1
CWE-316 Cleartext Storage of Sensitive Information in Memory · Mostly · 5 src · MITRE ATT&CK 4, DISA STIG Oracle Linux 9 1
CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag · Mostly · 4 src · NIST CSF 2.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-158 Improper Neutralization of Null Byte or NUL Character · Mostly · 4 src · CAPEC 2, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-177 Improper Handling of URL Encoding (Hex Encoding) · Mostly · 4 src · CAPEC 3, MITRE ATT&CK 1
CWE-297 Improper Validation of Certificate with Host Mismatch · Mostly · 4 src · MITRE ATT&CK 3, OWASP ASVS 5.0 1
CWE-336 Same Seed in Pseudo-Random Number Generator (PRNG) · Mostly · 4 src · OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-473 PHP External Variable Modification · Mostly · 4 src · OWASP ASVS 5.0 2, MITRE ATT&CK 1, CAPEC 1
CWE-650 Trusting HTTP Permission Methods on the Server Side · Mostly · 4 src · OWASP ASVS 5.0 3, MITRE ATT&CK 1
CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page · Mostly · 4 src · MITRE ATT&CK 4
CWE-1022 Use of Web Link to Untrusted Target with window.opener Access · Mostly · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-149 Improper Neutralization of Quoting Syntax · Mostly · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-28 Path Traversal: '..\filedir' · Mostly · 3 src · MITRE ATT&CK 3
CWE-535 Exposure of Information Through Shell Error Message · Mostly · 3 src · OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-599 Missing Validation of OpenSSL Certificate · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-65 Windows Hard Link · Mostly · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-792 Incomplete Filtering of One or More Instances of Special Elements · Mostly · 3 src · MITRE ATT&CK 3
CWE-830 Inclusion of Web Functionality from an Untrusted Source · Mostly · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-219 Storage of File with Sensitive Data Under Web Root · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-29 Path Traversal: '\..\filename' · Mostly · 2 src · MITRE ATT&CK 2
CWE-293 Using Referer Field for Authentication · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-401 Missing Release of Memory after Effective Lifetime · Mostly · 2 src · MITRE ATT&CK 2
CWE-433 Unparsed Raw Web Content Delivery · Mostly · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere · Mostly · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-541 Inclusion of Sensitive Information in an Include File · Mostly · 2 src · MITRE ATT&CK 2
CWE-548 Exposure of Information Through Directory Listing · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File · Mostly · 2 src · MITRE ATT&CK 2
CWE-600 Uncaught Exception in Servlet · Mostly · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-618 Exposed Unsafe ActiveX Method · Mostly · 2 src · MITRE ATT&CK 2
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax · Mostly · 2 src · OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-782 Exposed IOCTL with Insufficient Access Control · Mostly · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-789 Memory Allocation with Excessive Size Value · Mostly · 2 src · MITRE ATT&CK 2
CWE-925 Improper Verification of Intent by Broadcast Receiver · Mostly · 2 src · MITRE ATT&CK 1, CAPEC 1
CWE-1069 Empty Exception Block · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-1096 Singleton Class Instance Creation without Proper Locking or Synchronization · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-234 Failure to Handle Missing Parameter · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-25 Path Traversal: '/../filedir' · Mostly · 1 src · MITRE ATT&CK 1
CWE-26 Path Traversal: '/dir/../filename' · Mostly · 1 src · MITRE ATT&CK 1
CWE-27 Path Traversal: 'dir/../../filename' · Mostly · 1 src · MITRE ATT&CK 1
CWE-329 Generation of Predictable IV with CBC Mode · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-422 Unprotected Windows Messaging Channel ('Shatter') · Mostly · 1 src · MITRE ATT&CK 1
CWE-495 Private Data Structure Returned From A Public Method · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-50 Path Equivalence: '//multiple/leading/slash' · Mostly · 1 src · MITRE ATT&CK 1
CWE-806 Buffer Access Using Size of Source Buffer · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-926 Improper Export of Android Application Components · Mostly · 1 src · MITRE ATT&CK 1
CWE-173 Improper Handling of Alternate Encoding · Partial · 17 src · CAPEC 12, OWASP ASVS 5.0 3, MITRE ATT&CK 2
CWE-121 Stack-based Buffer Overflow · Partial · 7 src · MITRE ATT&CK 5, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1
CWE-230 Improper Handling of Missing Values · Partial · 6 src · DISA STIG Oracle Linux 8 4, DISA STIG Rhel 7 1, DISA STIG Ubuntu 24 04 1
CWE-127 Buffer Under-read · Partial · 5 src · MITRE ATT&CK 5
CWE-129 Improper Validation of Array Index · Partial · 5 src · MITRE ATT&CK 4, CAPEC 1
CWE-164 Improper Neutralization of Internal Special Elements · Partial · 5 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1
CWE-192 Integer Coercion Error · Partial · 5 src · MITRE ATT&CK 5
CWE-195 Signed to Unsigned Conversion Error · Partial · 5 src · MITRE ATT&CK 5
CWE-370 Missing Check for Certificate Revocation after Initial Check · Partial · 5 src · MITRE ATT&CK 2, CAPEC 1, DISA STIG Rhel 7 1, DISA STIG Ubuntu 24 04 1
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages · Partial · 5 src · CAPEC 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-157 Failure to Sanitize Paired Delimiters · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-176 Improper Handling of Unicode Encoding · Partial · 4 src · MITRE ATT&CK 3, CAPEC 1
CWE-528 Exposure of Core Dump File to an Unauthorized Control Sphere · Partial · 4 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 1
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere · Partial · 4 src · MITRE ATT&CK 4
CWE-591 Sensitive Data Storage in Improperly Locked Memory · Partial · 4 src · MITRE ATT&CK 2, NIST CSF 2.0 1, DISA STIG Oracle Linux 8 1
CWE-1222 Insufficient Granularity of Address Regions Protected by Register Locks · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-154 Improper Neutralization of Variable Name Delimiters · Partial · 3 src · MITRE ATT&CK 3
CWE-194 Unexpected Sign Extension · Partial · 3 src · MITRE ATT&CK 3
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action · Partial · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-588 Attempt to Access Child of a Non-structure Pointer · Partial · 3 src · MITRE ATT&CK 3
CWE-615 Inclusion of Sensitive Information in Source Code Comments · Partial · 3 src · MITRE ATT&CK 3
CWE-627 Dynamic Variable Evaluation · Partial · 3 src · MITRE ATT&CK 3
CWE-64 Windows Shortcut Following (.LNK) · Partial · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-761 Free of Pointer not at Start of Buffer · Partial · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-762 Mismatched Memory Management Routines · Partial · 3 src · MITRE ATT&CK 3
CWE-126 Buffer Over-read · Partial · 2 src · MITRE ATT&CK 2
CWE-147 Improper Neutralization of Input Terminators · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-162 Improper Neutralization of Trailing Special Elements · Partial · 2 src · MITRE ATT&CK 2
CWE-231 Improper Handling of Extra Values · Partial · 2 src · MITRE ATT&CK 2
CWE-235 Improper Handling of Extra Parameters · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-24 Path Traversal: '../filedir' · Partial · 2 src · MITRE ATT&CK 2
CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') · Partial · 2 src · MITRE ATT&CK 2
CWE-298 Improper Validation of Certificate Expiration · Partial · 2 src · MITRE ATT&CK 2
CWE-35 Path Traversal: '.../...//' · Partial · 2 src · MITRE ATT&CK 2
CWE-44 Path Equivalence: 'file.name' (Internal Dot) · Partial · 2 src · MITRE ATT&CK 2
CWE-467 Use of sizeof() on a Pointer Type · Partial · 2 src · MITRE ATT&CK 2
CWE-499 Serializable Class Containing Sensitive Data · Partial · 2 src · MITRE ATT&CK 2
CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation · Partial · 2 src · MITRE ATT&CK 2
CWE-621 Variable Extraction Error · Partial · 2 src · OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-622 Improper Validation of Function Hook Arguments · Partial · 2 src · MITRE ATT&CK 2
CWE-623 Unsafe ActiveX Control Marked Safe For Scripting · Partial · 2 src · MITRE ATT&CK 2
CWE-794 Incomplete Filtering of Multiple Instances of Special Elements · Partial · 2 src · MITRE ATT&CK 2
CWE-85 Doubled Character XSS Manipulations · Partial · 2 src · CAPEC 1, MITRE ATT&CK 1
CWE-102 Struts: Duplicate Validation Forms · Partial · 1 src · MITRE ATT&CK 1
CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks · Partial · 1 src · CAPEC 1
CWE-141 Improper Neutralization of Parameter/Argument Delimiters · Partial · 1 src · MITRE ATT&CK 1
CWE-144 Improper Neutralization of Line Delimiters · Partial · 1 src · MITRE ATT&CK 1
CWE-160 Improper Neutralization of Leading Special Elements · Partial · 1 src · MITRE ATT&CK 1
CWE-196 Unsigned to Signed Conversion Error · Partial · 1 src · CAPEC 1
CWE-236 Improper Handling of Undefined Parameters · Partial · 1 src · MITRE ATT&CK 1
CWE-279 Incorrect Execution-Assigned Permissions · Partial · 1 src · MITRE ATT&CK 1
CWE-30 Path Traversal: '\dir\..\filename' · Partial · 1 src · MITRE ATT&CK 1
CWE-31 Path Traversal: 'dir\..\..\filename' · Partial · 1 src · MITRE ATT&CK 1
CWE-317 Cleartext Storage of Sensitive Information in GUI · Partial · 1 src · MITRE ATT&CK 1
CWE-32 Path Traversal: '...' (Triple Dot) · Partial · 1 src · MITRE ATT&CK 1
CWE-34 Path Traversal: '....//' · Partial · 1 src · MITRE ATT&CK 1
CWE-42 Path Equivalence: 'filename.' (Trailing Dot) · Partial · 1 src · MITRE ATT&CK 1
CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot) · Partial · 1 src · MITRE ATT&CK 1
CWE-491 Public cloneable() Method Without Final ('Object Hijack') · Partial · 1 src · MITRE ATT&CK 1
CWE-520 .NET Misconfiguration: Use of Impersonation · Partial · 1 src · MITRE ATT&CK 1
CWE-531 Inclusion of Sensitive Information in Test Code · Partial · 1 src · MITRE ATT&CK 1
CWE-590 Free of Memory not on the Heap · Partial · 1 src · MITRE ATT&CK 1
CWE-605 Multiple Binds to the Same Port · Partial · 1 src · MITRE ATT&CK 1
CWE-616 Incomplete Identification of Uploaded File Variables (PHP) · Partial · 1 src · MITRE ATT&CK 1
CWE-62 UNIX Hard Link · Partial · 1 src · MITRE ATT&CK 1
CWE-67 Improper Handling of Windows Device Names · Partial · 1 src · MITRE ATT&CK 1
CWE-775 Missing Release of File Descriptor or Handle after Effective Lifetime · Partial · 1 src · MITRE ATT&CK 1
CWE-777 Regular Expression without Anchors · Partial · 1 src · MITRE ATT&CK 1
CWE-8 J2EE Misconfiguration: Entity Bean Declared Remote · Partial · 1 src · OWASP ASVS 5.0 1
CWE-827 Improper Control of Document Type Definition · Partial · 1 src · MITRE ATT&CK 1
CWE-927 Use of Implicit Intent for Sensitive Communication · Partial · 1 src · MITRE ATT&CK 1
Class
94/114 · 94 covered
CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') · Full · 52 src · CAPEC 32, MITRE ATT&CK 11, OWASP ASVS 5.0 8, OWASP Web Top 10 (2025) 1
CWE-287 · Improper Authentication · Full · 40 src · OWASP ASVS 5.0 11, CAPEC 9, NIST CSF 2.0 6, MITRE ATT&CK 5, DISA STIG Rhel 7 3, DISA STIG Ubuntu 24 04 2, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, DISA STIG Oracle Linux 8 1, DISA STIG Rhel 8 1
CWE-285 · Improper Authorization · Full · 36 src · MITRE ATT&CK 13, CAPEC 12, NIST CSF 2.0 4, DISA STIG Rhel 7 3, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 8 1
CWE-732 · Incorrect Permission Assignment for Critical Resource · Full · 29 src · MITRE ATT&CK 13, CAPEC 8, DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 2, DISA STIG Windows Server 2022 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1
CWE-311 · Missing Encryption of Sensitive Data · Full · 27 src · CAPEC 10, MITRE ATT&CK 8, NIST CSF 2.0 2, DISA STIG Windows Server 2019 1, DISA STIG Oracle Linux 8 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1, DISA STIG Windows Server 2016 1, OWASP Web Top 10 (2025) 1
CWE-1390 · Weak Authentication · Full · 26 src · MITRE ATT&CK 11, OWASP ASVS 5.0 8, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1, DISA STIG Ubuntu 22 04 1, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Oracle Linux 8 1
CWE-522 · Insufficiently Protected Credentials · Full · 26 src · MITRE ATT&CK 12, CAPEC 12, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-346 · Origin Validation Error · Full · 23 src · CAPEC 12, MITRE ATT&CK 7, DISA STIG Oracle Linux 8 3, OWASP Web Top 10 (2025) 1
CWE-300 · Channel Accessible by Non-Endpoint · Full · 22 src · CAPEC 9, MITRE ATT&CK 6, DISA STIG Oracle Linux 8 4, DISA STIG Oracle Linux 9 1, OWASP ASVS 5.0 1, OWASP Web Top 10 (2025) 1
CWE-114 · Process Control · Full · 19 src · MITRE ATT&CK 8, DISA STIG Oracle Linux 8 3, CAPEC 2, OWASP Web Top 10 (2025) 1, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1
CWE-668 · Exposure of Resource to Wrong Sphere · Full · 19 src · MITRE ATT&CK 10, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2019 1, DISA STIG Rhel 7 1, DISA STIG Windows 10 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2022 1
CWE-77 · Improper Neutralization of Special Elements used in a Command ('Command Injection') · Full · 19 src · MITRE ATT&CK 8, CAPEC 6, OWASP ASVS 5.0 4, OWASP Web Top 10 (2025) 1
CWE-602 · Client-Side Enforcement of Server-Side Security · Full · 18 src · CAPEC 11, OWASP ASVS 5.0 5, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-923 · Improper Restriction of Communication Channel to Intended Endpoints · Full · 18 src · MITRE ATT&CK 6, CAPEC 4, OWASP ASVS 5.0 3, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 8 2, DISA STIG Rhel 7 1
CWE-327 · Use of a Broken or Risky Cryptographic Algorithm · Full · 17 src · CAPEC 7, MITRE ATT&CK 2, DISA STIG Windows 10 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 8 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, NIST CSF 2.0 1
CWE-330 · Use of Insufficiently Random Values · Full · 16 src · MITRE ATT&CK 4, DISA STIG Oracle Linux 8 3, DISA STIG Rhel 8 3, CAPEC 3, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1
CWE-506 · Embedded Malicious Code · Full · 16 src · MITRE ATT&CK 10, CAPEC 3, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1
CWE-636 · Not Failing Securely ('Failing Open') · Full · 13 src · OWASP ASVS 5.0 12, OWASP Web Top 10 (2025) 1
CWE-653 · Improper Isolation or Compartmentalization · Full · 13 src · MITRE ATT&CK 6, DISA STIG Rhel 9 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1
CWE-863 · Incorrect Authorization · Full · 13 src · MITRE ATT&CK 8, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1
CWE-326 · Inadequate Encryption Strength · Full · 12 src · CAPEC 3, OWASP ASVS 5.0 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 8 1, DISA STIG Rhel 9 1, DISA STIG Windows Server 2016 1
CWE-405 · Asymmetric Resource Consumption (Amplification) · Full · 12 src · MITRE ATT&CK 6, DISA STIG Oracle Linux 8 2, DISA STIG Oracle Linux 9 2, DISA STIG Rhel 8 2
CWE-116 · Improper Encoding or Escaping of Output · Full · 11 src · MITRE ATT&CK 4, OWASP ASVS 5.0 3, CAPEC 3, OWASP Web Top 10 (2025) 1
CWE-799 · Improper Control of Interaction Frequency · Full · 11 src · MITRE ATT&CK 10, OWASP Web Top 10 (2025) 1
CWE-862 · Missing Authorization · Full · 11 src · MITRE ATT&CK 5, DISA STIG Rhel 7 2, DISA STIG Oracle Linux 8 2, OWASP Web Top 10 (2025) 1, CAPEC 1
CWE-410 · Insufficient Resource Pool · Full · 10 src · MITRE ATT&CK 3, OWASP ASVS 5.0 2, DISA STIG Oracle Linux 9 2, DISA STIG Rhel 8 2, DISA STIG Oracle Linux 8 1
CWE-362 · Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') · Full · 9 src · OWASP ASVS 5.0 5, CAPEC 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-657 · Violation of Secure Design Principles · Full · 9 src · DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 2, DISA STIG Windows Server 2022 2, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 24 04 1, DISA STIG Ubuntu 22 04 1
CWE-662 · Improper Synchronization · Full · 9 src · CAPEC 4, OWASP ASVS 5.0 3, MITRE ATT&CK 2
CWE-400 · Uncontrolled Resource Consumption · Full · 8 src · MITRE ATT&CK 5, CAPEC 3
CWE-754 · Improper Check for Unusual or Exceptional Conditions · Full · 6 src · DISA STIG Oracle Linux 8 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1
CWE-1395 · Dependency on Vulnerable Third-Party Component · Full · 5 src · NIST CSF 2.0 2, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1
CWE-1164 · Irrelevant Code · Full · 1 src · OWASP ASVS 5.0 1
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor · Mostly · 101 src · CAPEC 43, MITRE ATT&CK 31, NIST CSF 2.0 15, OWASP ASVS 5.0 4, DISA STIG Ubuntu 24 04 2, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1, OWASP Web Top 10 (2025) 1, DISA STIG Ubuntu 22 04 1, DISA STIG Windows 10 1
CWE-345 · Insufficient Verification of Data Authenticity · Mostly · 39 src · MITRE ATT&CK 16, CAPEC 12, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, DISA STIG Rhel 8 2, NIST CSF 2.0 1, OWASP ASVS 5.0 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1
CWE-1357 · Reliance on Insufficiently Trustworthy Component · Mostly · 36 src · NIST CSF 2.0 18, OWASP ASVS 5.0 5, MITRE ATT&CK 4, DISA STIG Oracle Linux 9 3, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1
CWE-1391 · Use of Weak Credentials · Mostly · 23 src · MITRE ATT&CK 7, NIST CSF 2.0 6, OWASP ASVS 5.0 4, DISA STIG Oracle Linux 8 3, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1, DISA STIG Rhel 8 1
CWE-269 · Improper Privilege Management · Mostly · 20 src · MITRE ATT&CK 7, NIST CSF 2.0 4, CAPEC 3, DISA STIG Windows 10 1, DISA STIG Windows 11 1, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1, OWASP Web Top 10 (2025) 1
CWE-119 · Improper Restriction of Operations within the Bounds of a Memory Buffer · Mostly · 19 src · CAPEC 12, MITRE ATT&CK 6, OWASP ASVS 5.0 1
CWE-642 · External Control of Critical State Data · Mostly · 16 src · MITRE ATT&CK 9, DISA STIG Oracle Linux 9 2, CAPEC 2, DISA STIG Oracle Linux 8 1, OWASP Web Top 10 (2025) 1, DISA STIG Rhel 7 1
CWE-451 · User Interface (UI) Misrepresentation of Critical Information · Mostly · 15 src · MITRE ATT&CK 9, CAPEC 5, OWASP Web Top 10 (2025) 1
CWE-286 · Incorrect User Management · Mostly · 13 src · MITRE ATT&CK 10, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1, OWASP Web Top 10 (2025) 1
CWE-282 · Improper Ownership Management · Mostly · 10 src · MITRE ATT&CK 7, OWASP Web Top 10 (2025) 1, CAPEC 1, DISA STIG Windows Server 2016 1
CWE-1263 · Improper Physical Access Control · Mostly · 9 src · MITRE ATT&CK 4, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, CAPEC 1
CWE-340 · Generation of Predictable Numbers or Identifiers · Mostly · 9 src · MITRE ATT&CK 3, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 1, OWASP ASVS 5.0 1, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1
CWE-913 · Improper Control of Dynamically-Managed Code Resources · Mostly · 9 src · MITRE ATT&CK 7, DISA STIG Windows 10 1, DISA STIG Windows 11 1
CWE-922 · Insecure Storage of Sensitive Information · Mostly · 9 src · MITRE ATT&CK 5, DISA STIG Windows Server 2016 2, OWASP Web Top 10 (2025) 1, DISA STIG Windows Server 2019 1
CWE-138 · Improper Neutralization of Special Elements · Mostly · 8 src · MITRE ATT&CK 5, CAPEC 3
CWE-402 · Transmission of Private Resources into a New Sphere ('Resource Leak') · Mostly · 8 src · MITRE ATT&CK 4, OWASP ASVS 5.0 1, DISA STIG Oracle Linux 8 1, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1
CWE-424 · Improper Protection of Alternate Path · Mostly · 8 src · CAPEC 2, OWASP Web Top 10 (2025) 1, DISA STIG Oracle Linux 9 1, DISA STIG Rhel 9 1, DISA STIG Ubuntu 22 04 1, DISA STIG Ubuntu 24 04 1, MITRE ATT&CK 1
CWE-441 · Unintended Proxy or Intermediary ('Confused Deputy') · Mostly · 8 src · OWASP ASVS 5.0 3, CAPEC 2, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-790 · Improper Filtering of Special Elements · Mostly · 8 src · MITRE ATT&CK 8
CWE-912 · Hidden Functionality · Mostly · 6 src · MITRE ATT&CK 4, CAPEC 2
CWE-1023 · Incomplete Comparison with Missing Factors · Mostly · 5 src · OWASP ASVS 5.0 4, MITRE ATT&CK 1
CWE-656 · Reliance on Security Through Obscurity · Mostly · 5 src · MITRE ATT&CK 3, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-75 · Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) · Mostly · 5 src · MITRE ATT&CK 3, CAPEC 2
CWE-514 · Covert Channel · Mostly · 4 src · MITRE ATT&CK 4
CWE-841 · Improper Enforcement of Behavioral Workflow · Mostly · 4 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-407 · Inefficient Algorithmic Complexity · Mostly · 3 src · MITRE ATT&CK 2, OWASP ASVS 5.0 1
CWE-638 · Not Using Complete Mediation · Mostly · 3 src · OWASP ASVS 5.0 2, CAPEC 1
CWE-673 · External Influence of Sphere Definition · Mostly · 3 src · MITRE ATT&CK 2, DISA STIG Rhel 8 1
CWE-674 · Uncontrolled Recursion · Mostly · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-755 · Improper Handling of Exceptional Conditions · Mostly · 3 src · MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-1229 · Creation of Emergent Resource · Mostly · 2 src · OWASP ASVS 5.0 2
CWE-406 · Insufficient Control of Network Message Volume (Network Amplification) · Mostly · 2 src · MITRE ATT&CK 2
CWE-671 · Lack of Administrator Control over Security · Mostly · 2 src · OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-834 · Excessive Iteration · Mostly · 2 src · MITRE ATT&CK 2
CWE-943 · Improper Neutralization of Special Elements in Data Query Logic · Mostly · 2 src · MITRE ATT&CK 1, CAPEC 1
CWE-221 · Information Loss or Omission · Mostly · 1 src · OWASP Web Top 10 (2025) 1
CWE-669 · Incorrect Resource Transfer Between Spheres · Mostly · 1 src · MITRE ATT&CK 1
CWE-670 · Always-Incorrect Control Flow Implementation · Mostly · 1 src · OWASP ASVS 5.0 1
CWE-20 · Improper Input Validation · Partial · 57 src · CAPEC 50, MITRE ATT&CK 5, DISA STIG Rhel 8 1, OWASP Web Top 10 (2025) 1
CWE-118 · Incorrect Access of Indexable Resource ('Range Error') · Partial · 14 src · CAPEC 8, MITRE ATT&CK 6
CWE-172 · Encoding Error · Partial · 13 src · CAPEC 10, MITRE ATT&CK 3
CWE-1059 · Insufficient Technical Documentation · Partial · 11 src · OWASP ASVS 5.0 10, NIST CSF 2.0 1
CWE-706 · Use of Incorrectly-Resolved Name or Reference · Partial · 7 src · CAPEC 4, MITRE ATT&CK 3
CWE-99 · Improper Control of Resource Identifiers ('Resource Injection') · Partial · 7 src · OWASP ASVS 5.0 4, CAPEC 1, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-436 · Interpretation Conflict · Partial · 6 src · CAPEC 3, MITRE ATT&CK 2, OWASP Web Top 10 (2025) 1
CWE-667 · Improper Locking · Partial · 6 src · CAPEC 3, MITRE ATT&CK 3
CWE-758 · Reliance on Undefined, Unspecified, or Implementation-Defined Behavior · Partial · 6 src · MITRE ATT&CK 6
CWE-159 · Improper Handling of Invalid Use of Special Elements · Partial · 5 src · MITRE ATT&CK 4, OWASP Web Top 10 (2025) 1
CWE-704 · Incorrect Type Conversion or Cast · Partial · 5 src · MITRE ATT&CK 5
CWE-271 · Privilege Dropping / Lowering Errors · Partial · 4 src · MITRE ATT&CK 4
CWE-610 · Externally Controlled Reference to a Resource in Another Sphere · Partial · 4 src · MITRE ATT&CK 2, CAPEC 1, DISA STIG Oracle Linux 8 1
CWE-672 · Operation on a Resource after Expiration or Release · Partial · 4 src · MITRE ATT&CK 4
CWE-1061 · Insufficient Encapsulation · Partial · 3 src · OWASP ASVS 5.0 3
CWE-1177 · Use of Prohibited Code · Partial · 3 src · OWASP ASVS 5.0 2, NIST CSF 2.0 1
CWE-185 · Incorrect Regular Expression · Partial · 3 src · CAPEC 2, MITRE ATT&CK 1
CWE-404 · Improper Resource Shutdown or Release · Partial · 3 src · MITRE ATT&CK 2, CAPEC 1
CWE-228 · Improper Handling of Syntactically Invalid Structure · Partial · 2 src · MITRE ATT&CK 2
CWE-377 · Insecure Temporary File · Partial · 2 src · CAPEC 2
CWE-446 · UI Discrepancy for Security Feature · Partial · 2 src · MITRE ATT&CK 2
CWE-684 · Incorrect Provision of Specified Functionality · Partial · 1 src · DISA STIG Rhel 9 1
CWE-696 · Incorrect Behavior Order · Partial · 1 src · CAPEC 1
Pillar
9/10 · 9 covered
CWE-284 · Improper Access Control · Full · 71 src · MITRE ATT&CK 34, CAPEC 17, NIST CSF 2.0 10, DISA STIG Oracle Linux 9 2, DISA STIG Oracle Linux 8 2, DISA STIG Rhel 7 2, DISA STIG Rhel 8 2, OWASP Web Top 10 (2025) 1, OWASP ASVS 5.0 1
CWE-693 · Protection Mechanism Failure · Full · 56 src · MITRE ATT&CK 27, CAPEC 17, OWASP ASVS 5.0 3, DISA STIG Windows 10 2, DISA STIG Oracle Linux 8 2, DISA STIG Windows Server 2016 1, DISA STIG Windows Server 2019 1, DISA STIG Windows Server 2022 1, DISA STIG Windows 11 1, OWASP Web Top 10 (2025) 1
CWE-703 · Improper Check or Handling of Exceptional Conditions · Full · 7 src · MITRE ATT&CK 6, OWASP Web Top 10 (2025) 1
CWE-664 · Improper Control of a Resource Through its Lifetime · Mostly · 21 src · MITRE ATT&CK 13, CAPEC 5, DISA STIG Windows Server 2016 2, DISA STIG Windows Server 2019 1
CWE-707 · Improper Neutralization · Mostly · 21 src · CAPEC 16, MITRE ATT&CK 3, OWASP ASVS 5.0 1, DISA STIG Oracle Linux 9 1
CWE-691 · Insufficient Control Flow Management · Mostly · 19 src · MITRE ATT&CK 16, CAPEC 1, DISA STIG Windows 10 1, DISA STIG Windows 11 1
CWE-435 · Improper Interaction Between Multiple Correctly-Behaving Entities · Mostly · 5 src · OWASP ASVS 5.0 5
CWE-697 · Incorrect Comparison · Partial · 27 src · CAPEC 22, MITRE ATT&CK 5
CWE-682 · Incorrect Calculation · Partial · 7 src · MITRE ATT&CK 5, CAPEC 2
Compound
7/7 · 7 covered
CWE-384 · Session Fixation · Full · 10 src · CAPEC 6, OWASP ASVS 5.0 2, OWASP Web Top 10 (2025) 1, MITRE ATT&CK 1
CWE-352 · Cross-Site Request Forgery (CSRF) · Full · 7 src · OWASP ASVS 5.0 3, CAPEC 3, OWASP Web Top 10 (2025) 1
CWE-61 · UNIX Symbolic Link (Symlink) Following · Mostly · 5 src · DISA STIG Oracle Linux 8 1, OWASP Web Top 10 (2025) 1, CAPEC 1, OWASP ASVS 5.0 1, MITRE ATT&CK 1
CWE-680 · Integer Overflow to Buffer Overflow · Partial · 9 src · CAPEC 5, MITRE ATT&CK 4
CWE-692 · Incomplete Denylist to Cross-Site Scripting · Partial · 5 src · CAPEC 4, MITRE ATT&CK 1
CWE-690 · Unchecked Return Value to NULL Pointer Dereference · Partial · 2 src · MITRE ATT&CK 2
CWE-689 · Permission Race Condition During Resource Copy · Partial · 1 src · CAPEC 1

"Cumulative" here means breadth of corroboration, not summed coverage: overlapping partial mappings are NOT added up into "full". The headline per control is the best-attested single mapping, shown alongside the count and source frameworks behind it.