View: Weaknesses in the 2024 CWE Top 25 Most Dangerous Software Weaknesses
Draft
Type: Graph
Objective
CWE entries in this view are listed in the 2024 CWE Top 25 Most Dangerous Software Weaknesses.
Audience
| Type | Description |
|---|---|
| Software Developers | By following the CWE Top 25, developers are able to significantly reduce the number of weaknesses that occur in their software. |
| Product Customers | Customers can use the weaknesses in this view in order to formulate independent evidence of a claim by a product vendor to have eliminated / mitigated the most dangerous weaknesses. |
| Educators | Educators can use this view to focus curriculum and teachings on the most dangerous weaknesses. |
Relationships
Out-of-bounds Write- (CWE-787)
Cross-Site Request Forgery (CSRF)- (CWE-352)
Out-of-bounds Read- (CWE-125)
Use After Free- (CWE-416)
Missing Authorization- (CWE-862)
Improper Input Validation- (CWE-20)
Improper Authentication- (CWE-287)
Improper Privilege Management- (CWE-269)
Deserialization of Untrusted Data- (CWE-502)
Incorrect Authorization- (CWE-863)
Server-Side Request Forgery (SSRF)- (CWE-918)
NULL Pointer Dereference- (CWE-476)
Use of Hard-coded Credentials- (CWE-798)
Integer Overflow or Wraparound- (CWE-190)
Uncontrolled Resource Consumption- (CWE-400)
Missing Authentication for Critical Function- (CWE-306)
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.