CWE Top 25 Archives - Page 2 of 2

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

14 March 2025 by Krishna

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use After Free (CWE-416)

13 March 2025 by Krishna

At its core, a Use After Free vulnerability occurs when a program continues to use memory after it has been freed or deallocated. This behaviour can result in undefined behaviour, ranging from crashes and data corruption to critical security breaches, including arbitrary code execution.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Out-of-Bounds Read (CWE-125)

11 March 202511 March 2025 by Krishna

Out-of-Bounds Read occurs when a program reads data past the allocated boundary of a buffer. This behaviour typically arises from improper validation of input data or incorrect indexing in memory operations. By exploiting this weakness, attackers can gain unauthorised access to sensitive information, potentially leading to security violations.

Understanding CWE-79: Cross-Site Scripting (XSS) in 2024 – A Strategic Guide for Software Architects and C-Suite Executives

6 March 2025 by Krishna

At its core, XSS exploits the trust a user places in a web application. By manipulating input fields, URLs, or other interactive elements, attackers can introduce scripts that execute commands, steal sensitive information, or alter website functionality.