CWE-511 – Logic/Time Bomb
Description: The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or...
CWE-510 – Trapdoor
Description: A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the...
CWE-51 – Path Equivalence: ‘/multiple//internal/slash’
Description: A software system that accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation can lead to ambiguous path resolution...
CWE-509 – Replicating Malicious Code (Virus or Worm)
Description: Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software. Modes...
CWE-508 – Non-Replicating Malicious Code
Description: Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems. Modes...
CWE-507 – Trojan Horse
Description: The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended...
CWE-506 – Embedded Malicious Code
Description: The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb....
CWE-502 – Deserialization of Untrusted Data
Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Serialization and deserialization refer to the process of taking...
CWE-501 – Trust Boundary Violation
Description: The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line...
CWE-500 – Public Static Field Not Marked Final
Description: An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. Public static...