CWE-920 – Improper Restriction of Power Consumption
Description: The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly...
CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters
Description: This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for...
CWE-918 – Server-Side Request Forgery (SSRF)
Description: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not...
CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’)
Description: The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream...
CWE-916 – Use of Password Hash With Insufficient Computational Effort
Description: The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that...
CWE-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes
Description: The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an...
CWE-914 – Improper Control of Dynamically-Identified Variables
Description: The software does not properly restrict reading from or writing to dynamically-identified variables. Many languages offer powerful features that allow the programmer to access...
CWE-913 – Improper Control of Dynamically-Managed Code Resources
Description: The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions...
CWE-912 – Hidden Functionality
Description: The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is...
CWE-911 – Improper Update of Reference Count
Description: The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can...