CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE Top 25 > 2024 On the Cusp  
ID

2024 “On the Cusp” – Other Dangerous Software Weaknesses

Top 25 Home
Share via: Share via
View in table format
On the Cusp Insights

2024 CWE Top 25 - On the Cusp
×
Rank ID NameScore CVEs in KEV Rank Change vs. 2023
26 CWE-770 Allocation of Resources Without Limits or Throttling 2.65 0 +3
27 CWE-668 Exposure of Resource to Wrong Sphere 2.56 0 +13
28 CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 2.10 0 +19
29 CWE-427 Uncontrolled Search Path Element 2.08 0 -2
30 CWE-639 Authorization Bypass Through User-Controlled Key 2.05 0 +8
31 CWE-532 Insertion of Sensitive Information into Log File 1.99 0 +14
32 CWE-732 Incorrect Permission Assignment for Critical Resource 1.94 0 -1
33 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') 1.85 0 -1
34 CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 1.75 2 -13
35 CWE-522 Insufficiently Protected Credentials 1.71 0 0
36 CWE-276 Incorrect Default Permissions 1.68 0 -11
37 CWE-203 Observable Discrepancy 1.61 0 +14
38 CWE-59 Improper Link Resolution Before File Access ('Link Following') 1.40 0 +1
39 CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') 1.38 6 +7
40 CWE-312 Cleartext Storage of Sensitive Information 1.37 0 +3
  1. Allocation of Resources Without Limits or Throttling
    CWE-770 CVEs in KEV: 0 Rank Last Year: 29 (up 3) upward trend
  2. Exposure of Resource to Wrong Sphere
    CWE-668 CVEs in KEV: 0 Rank Last Year: 40 (up 13) upward trend
  3. Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    CWE-74 CVEs in KEV: 0 Rank Last Year: 47 (up 19) upward trend
  4. Uncontrolled Search Path Element
    CWE-427 CVEs in KEV: 0 Rank Last Year: 27 (down 2) downward trend
  5. Authorization Bypass Through User-Controlled Key
    CWE-639 CVEs in KEV: 0 Rank Last Year: 38 (up 8) upward trend
  6. Insertion of Sensitive Information into Log File
    CWE-532 CVEs in KEV: 0 Rank Last Year: 45 (up 14) upward trend
  7. Incorrect Permission Assignment for Critical Resource
    CWE-732 CVEs in KEV: 0 Rank Last Year: 31 (down 1) downward trend
  8. URL Redirection to Untrusted Site ('Open Redirect')
    CWE-601 CVEs in KEV: 0 Rank Last Year: 32 (down 1) downward trend
  9. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    CWE-362 CVEs in KEV: 2 Rank Last Year: 21 (down 13) downward trend
  10. Insufficiently Protected Credentials
    CWE-522 CVEs in KEV: 0 Rank Last Year: 35
  11. Incorrect Default Permissions
    CWE-276 CVEs in KEV: 0 Rank Last Year: 25 (down 11) downward trend
  12. Observable Discrepancy
    CWE-203 CVEs in KEV: 0 Rank Last Year: 51 (up 14) upward trend
  13. Improper Link Resolution Before File Access ('Link Following')
    CWE-59 CVEs in KEV: 0 Rank Last Year: 39 (up 1) upward trend
  14. Access of Resource Using Incompatible Type ('Type Confusion')
    CWE-843 CVEs in KEV: 6 Rank Last Year: 46 (up 7) upward trend
  15. Cleartext Storage of Sensitive Information
    CWE-312 CVEs in KEV: 0 Rank Last Year: 43 (up 3) upward trend
Back to top
Page Last Updated: December 17, 2024
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.