CWE-1046 – Creation of Immutable Text Using String Concatenation
Description The software creates an immutable text string using string concatenation operations. Modes of Introduction: Related Weaknesses CWE-1176 Consequences Other: Reduce Performance...
CWE-1047 – Modules with Circular Dependencies
Description The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. Modes of Introduction: ...
CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Description The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-940 – Improper Verification of Source of a Communication Channel
Description The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify...
CWE-941 – Incorrectly Specified Destination in a Communication Channel
Description The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for...
CWE-942 – Permissive Cross-domain Policy with Untrusted Domains
Description The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: - Implementation Likelihood of Exploit: ...
CWE-943 – Improper Neutralization of Special Elements in Data Query Logic
Description The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize...
CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a...
CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an...
CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Description The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI)...