CWE (Common Weakness Enumeration)

A community-developed list of software and hardware weaknesses maintained by MITRE Corporation. Each unique weakness is assigned a specific CWE number (for example, CWE-42). CWE entries form a tree with different abstraction layers. The top, first layer is called Class; the middle, second layer is called Base; and the last, final layer is called Variant. Class is the parent layer, Base is the child layer, and Variant is the grandchild layer.

Most dangerous CWEs of 2021

  1. CWE-787 : Out-of-bounds write
  2. CWE-79 : Cross-site scripting
  3. CWE-125 : Out-of-bounds read
  4. CWE-20 : Improper input validation
  5. CWE-78 : OS command injection
  6. CWE-89 : SQL injection
  7. CWE-352 : Cross-Site Request Forgery (CSRF)


Written by Vishnu Shivalal P

Cyber Security Engineer | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp
