CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE Top 25 > 2023 CWE Top 10 KEV Weaknesses  
ID

2023 CWE Top 10 KEV Weaknesses

Share via:
2023 CWE Top 10 KEV Weaknesses
×
KEV Weaknesses Rank CWE-ID Weakness Name Analysis Score Number of Mappings in the KEV Dataset Average CVSS
1 CWE-416 Use After Free 73.99 44 8.54
2 CWE-122 Heap-based Buffer Overflow 56.56 32 8.79
3 CWE-787 Out-of-bounds Write 51.96 34 8.19
4 CWE-20 Improper Input Validation 51.38 33 8.27
5 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 49.44 25 9.36
6 CWE-502 Deserialization of Untrusted Data 29.00 16 9.06
7 CWE-918 Server-Side Request Forgery (SSRF) 27.33 16 8.72
8 CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') 26.24 16 8.61
9 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19.90 14 8.09
10 CWE-306 Missing Authentication for Critical Function 12.98 8 8.86
  1. Use After Free
    CWE-416 Analysis score: 73.99 # CVE Mappings in KEV: 44 Avg. CVSS: 8.54
  2. Heap-based Buffer Overflow
    CWE-122 Analysis score: 56.56 # CVE Mappings in KEV: 32 Avg. CVSS: 8.79
  3. Out-of-bounds Write
    CWE-787 Analysis score: 51.96 # CVE Mappings in KEV: 34 Avg. CVSS: 8.19
  4. Improper Input Validation
    CWE-20 Analysis score: 51.38 # CVE Mappings in KEV: 33 Avg. CVSS: 8.27
  5. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    CWE-78 Analysis score: 49.44 # CVE Mappings in KEV: 25 Avg. CVSS: 9.36
  6. Deserialization of Untrusted Data
    CWE-502 Analysis score: 29.00 # CVE Mappings in KEV: 16 Avg. CVSS: 9.06
  7. Server-Side Request Forgery (SSRF)
    CWE-918 Analysis score: 27.33 # CVE Mappings in KEV: 16 Avg. CVSS: 8.72
  8. Access of Resource Using Incompatible Type ('Type Confusion')
    CWE-843 Analysis score: 26.24 # CVE Mappings in KEV: 16 Avg. CVSS: 8.61
  9. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    CWE-22 Analysis score: 19.90 # CVE Mappings in KEV: 14 Avg. CVSS: 8.09
  10. Missing Authentication for Critical Function
    CWE-306 Analysis score: 12.98 # CVE Mappings in KEV: 8 Avg. CVSS: 8.86
Page Last Updated: December 05, 2023