2023 CWE Top 25 Most Dangerous Software Weaknesses
These weaknesses are often easy to find and exploit, and they can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.

| Rank | ID | Name | Last Updated |
| --- | --- | --- | --- |
| 1 | CWE-787 | Out-of-bounds Write | 2024-07-16 |
| 4 | CWE-416 | Use After Free | 2024-07-16 |
| 6 | CWE-20 | Improper Input Validation | 2024-07-16 |
| 7 | CWE-125 | Out-of-bounds Read | 2024-07-16 |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) | 2023-06-29 |
| 11 | CWE-862 | Missing Authorization | 2023-06-29 |
| 12 | CWE-476 | NULL Pointer Dereference | 2024-07-16 |
| 13 | CWE-287 | Improper Authentication | 2024-07-16 |
| 14 | CWE-190 | Integer Overflow or Wraparound | 2024-07-16 |
| 15 | CWE-502 | Deserialization of Untrusted Data | 2023-06-29 |
| 18 | CWE-798 | Use of Hard-coded Credentials | 2024-07-16 |
| 19 | CWE-918 | Server-Side Request Forgery (SSRF) | 2023-06-29 |
| 22 | CWE-269 | Improper Privilege Management | 2024-07-16 |
| 24 | CWE-863 | Incorrect Authorization | 2024-02-29 |
| 25 | CWE-276 | Incorrect Default Permissions | 2023-06-29 |

source: cwe.mitre.org