CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE Top 25 > 2024 CWE Top 10 KEV Weaknesses 
ID

2024 CWE Top 10 KEV Weaknesses

Top 25 Home
Share via:
View in table format
KEV Key Insights
KEV Methodology
2024 CWE Top 10 KEV Weaknesses
×
Rank ID NameScore CVEs in KEV Rank Change vs. 2023
1 CWE-787 Out-of-bounds Write 75.59 18 +2
2 CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') 24.91 6 +6
3 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 24.27 6 +2
4 CWE-94 Improper Control of Generation of Code ('Code Injection') 23.64 7 +29
5 CWE-502 Deserialization of Untrusted Data 23.07 5 +1
6 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19.52 5 +3
7 CWE-306 Missing Authentication for Critical Function 17.60 6 +3
8 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 15.62 4 +3
9 CWE-416 Use After Free 15.43 5 -8
10 CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') 14.90 4 +5
  1. Out-of-bounds Write
    CWE-787 CVEs in KEV: 18 Rank Last Year: 3 (up 2) upward trend
  2. Access of Resource Using Incompatible Type ('Type Confusion')
    CWE-843 CVEs in KEV: 6 Rank Last Year: 8 (up 6) upward trend
  3. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    CWE-78 CVEs in KEV: 6 Rank Last Year: 5 (up 2) upward trend
  4. Improper Control of Generation of Code ('Code Injection')
    CWE-94 CVEs in KEV: 7 Rank Last Year: 33 (up 29) upward trend
  5. Deserialization of Untrusted Data
    CWE-502 CVEs in KEV: 5 Rank Last Year: 6 (up 1) upward trend
  6. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    CWE-22 CVEs in KEV: 5 Rank Last Year: 9 (up 3) upward trend
  7. Missing Authentication for Critical Function
    CWE-306 CVEs in KEV: 6 Rank Last Year: 10 (up 3) upward trend
  8. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    CWE-89 CVEs in KEV: 4 Rank Last Year: 11 (up 3) upward trend
  9. Use After Free
    CWE-416 CVEs in KEV: 5 Rank Last Year: 1 (down 8) downward trend
  10. Improper Neutralization of Special Elements used in a Command ('Command Injection')
    CWE-77 CVEs in KEV: 4 Rank Last Year: 15 (up 5) upward trend
Back to top
Page Last Updated: February 10, 2025
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.