Here are the 25 most dangerous software vulnerabilities


A programme for cataloguing software weaknesses has published an updated list of the flaws that software developers, designers and cybersecurity practitioners most need to address.

The list was compiled by the Common Weakness Enumeration (CWE) team with support from the US Department of Homeland Security. It ranks the 25 most dangerous software weaknesses.

The updated list is the first of its kind in eight years.

| Rank | CWE ID | Weakness | Score |
|---|---|---|---|
| 1 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 75.56 |
| 2 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 45.69 |
| 3 | CWE-20 | Improper Input Validation | 43.61 |
| 4 | CWE-200 | Information Exposure | 32.12 |
| 5 | CWE-125 | Out-of-bounds Read | 26.53 |
| 6 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 24.54 |
| 7 | CWE-416 | Use After Free | 17.94 |
| 8 | CWE-190 | Integer Overflow or Wraparound | 17.35 |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) | 15.54 |
| 10 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 14.1 |
| 11 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 11.47 |
| 12 | CWE-787 | Out-of-bounds Write | 11.08 |
| 13 | CWE-287 | Improper Authentication | 10.78 |
| 14 | CWE-476 | NULL Pointer Dereference | 9.74 |
| 15 | CWE-732 | Incorrect Permission Assignment for Critical Resource | 6.33 |
| 16 | CWE-434 | Unrestricted Upload of File with Dangerous Type | 5.5 |
| 17 | CWE-611 | Improper Restriction of XML External Entity Reference | 5.48 |
| 18 | CWE-94 | Improper Control of Generation of Code ('Code Injection') | 5.36 |
| 19 | CWE-798 | Use of Hard-coded Credentials | 5.12 |
| 20 | CWE-400 | Uncontrolled Resource Consumption | 5.04 |
| 21 | CWE-772 | Missing Release of Resource after Effective Lifetime | 5.04 |
| 22 | CWE-426 | Untrusted Search Path | 4.4 |
| 23 | CWE-502 | Deserialization of Untrusted Data | 4.3 |
| 24 | CWE-269 | Improper Privilege Management | 4.23 |
| 25 | CWE-295 | Improper Certificate Validation | 4.06 |

The CWE team ranked the entries with a scoring formula of its own design. Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) came out with the highest calculated score.
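As an added example (it is not part of the original article and not CWE's or MITRE's code), the C snippet below shows the top-ranked weakness, CWE-119, in its two common forms: a write that trusts the source length (the "before" pattern, kept only for contrast) beside a copy that is limited by the destination's capacity, and a read that checks the index against the length the caller actually owns (CWE-125). The struct layout, the function names (`set_name_unsafe`, `set_name_safe`, `read_byte_checked`), `NAME_MAX` and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* capacity of name[], including the terminating NUL (constructed) */

struct record {
    char name[NAME_MAX];
    int  privileged;  /* lies right after name[]; an overflow would clobber it */
};

/* Before: the CWE-119 / CWE-787 pattern. strcpy() copies until the source's
 * NUL, so any src longer than NAME_MAX - 1 runs past name[] into privileged.
 * Kept only to contrast with the bounded version; never called with
 * oversized input in this example. */
void set_name_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* After: the destination capacity (cap) is the limit, not the source length.
 * memchr() never scans more than cap bytes, so an unterminated src cannot
 * cause an over-read either. Returns 0 on success, -1 when src does not fit,
 * in which case the record is left untouched. */
int set_name_safe(struct record *r, const char *src, size_t cap)
{
    const char *end = memchr(src, '\0', cap);
    if (end == NULL)            /* no NUL within cap bytes: src is too long */
        return -1;
    size_t n = (size_t)(end - src);
    memcpy(r->name, src, n);
    r->name[n] = '\0';
    return 0;
}

/* CWE-125 (out-of-bounds read) guard: idx is checked against len, the number
 * of bytes the caller really owns. Returns the byte value 0..255, or -1 when
 * idx is out of range. */
int read_byte_checked(const unsigned char *buf, size_t len, size_t idx)
{
    if (idx >= len)
        return -1;
    return buf[idx];
}

int main(void)
{
    struct record r = { "", 0 };
    const char *ok  = "alice";                                       /* constructed */
    const char *bad = "a-name-that-is-far-too-long-for-the-field";    /* constructed */

    printf("copy of \"%s\": %d, name=\"%s\"\n",
           ok, set_name_safe(&r, ok, sizeof r.name), r.name);
    printf("copy of overlong input: %d, privileged still %d\n",
           set_name_safe(&r, bad, sizeof r.name), r.privileged);

    unsigned char packet[4] = { 0x10, 0x20, 0x30, 0x40 };             /* constructed */
    printf("read idx 3: %d, read idx 4: %d\n",
           read_byte_checked(packet, sizeof packet, 3),
           read_byte_checked(packet, sizeof packet, 4));
    return 0;
}
```

The design point is that every bound comes from something the callee can trust (the destination's own size, or a length the caller is accountable for), never from the untrusted data itself; the failure case returns an error code instead of silently truncating, so a caller cannot mistake a partial copy for a successful one.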