CWE-1045 – Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
Description A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor. Modes of...
CWE-1046 – Creation of Immutable Text Using String Concatenation
Description The software creates an immutable text string using string concatenation operations. Modes of Introduction: Related Weaknesses CWE-1176 Consequences Other: Reduce Performance...
CWE-1047 – Modules with Circular Dependencies
Description The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. Modes of Introduction: ...
CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Description The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-940 – Improper Verification of Source of a Communication Channel
Description The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify...
CWE-941 – Incorrectly Specified Destination in a Communication Channel
Description The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for...
CWE-942 – Permissive Cross-domain Policy with Untrusted Domains
Description The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: - Implementation Likelihood of Exploit: ...
CWE-943 – Improper Neutralization of Special Elements in Data Query Logic
Description The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize...
CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a...
CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an...