CWE-186 – Overly Restrictive Regular Expression
Description: A regular expression is overly restrictive, which prevents dangerous values from being detected. This weakness is not about regular expression complexity. Rather, it is...
CWE-185 – Incorrect Regular Expression
Description: The software specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used...
CWE-184 – Incomplete List of Disallowed Inputs
Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or...
CWE-183 – Permissive List of Allowed Inputs
Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because...
CWE-182 – Collapse of Data into Unsafe Value
Description: The software filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security...
CWE-181 – Incorrect Behavior Order: Validate Before Filter
Description: The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step. This...
CWE-180 – Incorrect Behavior Order: Validate Before Canonicalize
Description: The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step. This can...
CWE-179 – Incorrect Behavior Order: Early Validation
Description: The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs...
CWE-178 – Improper Handling of Case Sensitivity
Description: The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results....
CWE-177 – Improper Handling of URL Encoding (Hex Encoding)
Description: The software does not properly handle when all or part of an input has been URL encoded. Modes of Introduction: - Implementation ...