CWE-704 – Incorrect Type Conversion or Cast
Description: The software does not correctly convert an object, resource, or structure from one type to a different type. Modes of Introduction: - Architecture and...
CWE-703 – Improper Check or Handling of Exceptional Conditions
Description: The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software. Modes of Introduction: - Architecture...
CWE-7 – J2EE Misconfiguration: Missing Custom Error Page
Description: The default error page of a web application should not display sensitive information about the software system. Modes of Introduction: - Architecture and Design...
CWE-698 – Execution After Redirect (EAR)
Description: The web application sends a redirect to another location, but instead of exiting, it executes additional code. Modes of Introduction: - Implementation Likelihood of...
CWE-697 – Incorrect Comparison
Description: The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Modes of Introduction: -...
CWE-696 – Incorrect Behavior Order
Description: The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses. Modes of...
CWE-695 – Use of Low-Level Functionality
Description: The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate. The use...
CWE-694 – Use of Multiple Resources with Duplicate Identifier
Description: The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the software assumes...
CWE-693 – Protection Mechanism Failure
Description: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers...
CWE-692 – Incomplete Denylist to Cross-Site Scripting
Description: The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed. While XSS...
