CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


2023 CWE Top 10 KEV Weaknesses


NOTICE: This is a previous version of the CWE Top 25 family of lists; a more recent version has since been published on the CWE site.


Columns: Analysis Score is the CWE program's aggregate score for the weakness (higher ranks worse); Number of Mappings is how many CVE entries in the CISA KEV dataset map to that CWE; Avg. CVSS is the mean CVSS base score of those KEV-listed CVEs.

Rank  CWE-ID   Weakness Name                                                                          Analysis Score  Number of Mappings in the KEV Dataset  Avg. CVSS
1     CWE-416  Use After Free                                                                         73.99           44                                     8.54
2     CWE-122  Heap-based Buffer Overflow                                                             56.56           32                                     8.79
3     CWE-787  Out-of-bounds Write                                                                    51.96           34                                     8.19
4     CWE-20   Improper Input Validation                                                              51.38           33                                     8.27
5     CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')  49.44      25                                     9.36
6     CWE-502  Deserialization of Untrusted Data                                                      29.00           16                                     9.06
7     CWE-918  Server-Side Request Forgery (SSRF)                                                     27.33           16                                     8.72
8     CWE-843  Access of Resource Using Incompatible Type ('Type Confusion')                          26.24           16                                     8.61
9     CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')         19.90           14                                     8.09
10    CWE-306  Missing Authentication for Critical Function                                           12.98           8                                      8.86
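The "Number of Mappings" and "Avg. CVSS" columns above are the two quantities a practitioner can reproduce from public data for their own subset of the KEV catalog (the CWE program's Analysis Score formula is not described on this page, so it is not reproduced here). The CISA KEV JSON feed carries CVE IDs but no CWE IDs; the CWE mappings and CVSS base scores come from the NVD record for each CVE. The script below is an added example written for this page, not CWE's or CISA's own tooling. The records it processes are constructed sample data, not real KEV or NVD entries, and it handles the two edge cases that distort naive counts: a CVE mapped to several CWEs (each mapping is counted once per CWE, as the column name implies) and a CVE with no CVSS base score published yet (excluded from the average but still counted as a mapping).

```python
from collections import defaultdict

# Constructed sample records (NOT real KEV/NVD data). Each entry mirrors
# what you would join together from the KEV feed (cveID) and NVD
# (CWE ids under the weaknesses array, CVSS base score under metrics).
SAMPLE_RECORDS = [
    {"cve": "CVE-0000-0001", "cwes": ["CWE-416"], "cvss": 8.8},
    {"cve": "CVE-0000-0002", "cwes": ["CWE-416", "CWE-787"], "cvss": 9.8},  # two CWEs
    {"cve": "CVE-0000-0003", "cwes": ["CWE-787"], "cvss": 7.5},
    {"cve": "CVE-0000-0004", "cwes": ["CWE-78"], "cvss": 9.8},
    {"cve": "CVE-0000-0005", "cwes": ["CWE-78"], "cvss": None},  # no CVSS yet
    {"cve": "CVE-0000-0006", "cwes": [], "cvss": 5.3},  # NVD-CWE-noinfo style: no mapping
    {"cve": "CVE-0000-0007", "cwes": ["CWE-416"], "cvss": 7.8},
]


def aggregate_by_cwe(records):
    """Return {cwe_id: (mapping_count, avg_cvss)}.

    mapping_count counts every CVE-to-CWE mapping, so a CVE with two CWEs
    contributes to both. avg_cvss is rounded to two decimals like the CWE
    table and is None when no mapped CVE has a published score.
    """
    counts = defaultdict(int)
    scores = defaultdict(list)
    for rec in records:
        for cwe in rec["cwes"]:
            counts[cwe] += 1
            if rec["cvss"] is not None:
                scores[cwe].append(rec["cvss"])
    result = {}
    for cwe, n in counts.items():
        avg = round(sum(scores[cwe]) / len(scores[cwe]), 2) if scores[cwe] else None
        result[cwe] = (n, avg)
    return result


def rank_cwes(records):
    """Rank CWEs by mapping count (desc), then average CVSS (desc), then id.

    This ordering is an assumption chosen for the example; it is not the
    CWE program's Analysis Score, whose formula this page does not give.
    """
    agg = aggregate_by_cwe(records)

    def sort_key(item):
        cwe, (n, avg) = item
        return (-n, -(avg if avg is not None else 0.0), cwe)

    return [(cwe, n, avg) for cwe, (n, avg) in sorted(agg.items(), key=sort_key)]


def render_table(ranked):
    """Plain-text table in the same column order as the CWE page."""
    lines = ["Rank  CWE-ID   Mappings  Avg. CVSS"]
    for rank, (cwe, n, avg) in enumerate(ranked, start=1):
        avg_text = "n/a" if avg is None else f"{avg:.2f}"
        lines.append(f"{rank:<5} {cwe:<8} {n:<9} {avg_text}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(rank_cwes(SAMPLE_RECORDS)))
```

To run this against the real catalog, load the KEV JSON feed, look each cveID up in NVD (the CVE API returns the CWE ids and CVSS metrics per CVE), and build records of the same shape; the aggregation and ranking do not change.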
Page Last Updated: November 11, 2024