"of attacks involving each CWE. The following list is a reminder of the essential aspects of each CWE in the context of CVEs exploited over HTTP requests. For additional details, consult the mitre.org repository footnote links as many have robust diagrams and explanatory text to …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1190 Exploit Public-Facing Application
89%
"write6 - an attacker sends crafted HTTP data (typically a field that is too long) that causes the application to write outside the bounds of a memory buffer, corrupting memory and potentially enabling remote code execution. - CWE-22: path traversal7 - an attacker includes di…"
T1190 Exploit Public-Facing Application
86%
"weak access control checks to access sensitive data or perform sensitive actions. - CWE-79: cross-site scripting11 - an attacker injects malicious scripts into HTTP requests that are stored by the server and later executed in the victim’s browser, enabling session hijackin…"
T1190 Exploit Public-Facing Application
72%
"OWASP Top Ten category received over the last twelve months (see Table 4). We have done this by following the mapping from CVE to primary CWE to OWASP category, and propagated the CVE traffic through to the resulting OWASP category. The resulting data shows a remarkably unbalan…"
T1588.006 Vulnerabilities
47%
"to the lens through which OWASP Top Ten, necessarily, views security. The OWASP Top Ten serves to educate software engineers and support their defending security teams. Therefore the OWASP categorization reflects the holistic security needs of developing software, which does not n…"
T1190 Exploit Public-Facing Application
39%
"primary CWE attribution in this data set (e.g. with the post-auth CVE-2020-8958 Guangzhou ONU command injection RCE). The final ranking surprise we anticipate readers may have is for the relatively high ranking of CWE-787 out-of-bounds write. There are two parts to t…"
Summary
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.