CWE-766 – Critical Data Element Declared Public
Description: The software declares a critical variable, field, or member to be public when intended security policy requires it to be private. Modes of Introduction:...
CWE-767 – Access to Critical Private Variable via Public Method
Description: The software defines a public method that reads or modifies a private variable. If an attacker modifies the variable to contain unexpected values, this...
CWE-690 – Unchecked Return Value to NULL Pointer Dereference
Description: The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which...
CWE-691 – Insufficient Control Flow Management
Description: The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways....
CWE-692 – Incomplete Denylist to Cross-Site Scripting
Description: The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed. While XSS...
CWE-693 – Protection Mechanism Failure
Description: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers...
CWE-694 – Use of Multiple Resources with Duplicate Identifier
Description: The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the software assumes...
CWE-695 – Use of Low-Level Functionality
Description: The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate. The use...
CWE-696 – Incorrect Behavior Order
Description: The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses. Modes of...
CWE-697 – Incorrect Comparison
Description: The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Modes of Introduction: -...