CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
This list identifies the top ten CWEs in the Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities (KEV) Catalog,” a database of security flaws in software applications that have been exposed and leveraged by attackers. Our analysis/key insights about the list are available here, and our methodology for creating the list is here.