| Stack-based Buffer Overflow | |
| Off-by-one Error | |
| Time-of-check Time-of-use (TOCTOU) | |
| Heap-based Buffer Overflow | |
| CVE-2026-5946 | |
| Time-of-check Time-of-use (TOCTOU) | |
| OS Command Injection | |
| Expired Pointer Dereference | |
| Allocation of Resources Without Limits or Throttling | |
| Access of Uninitialized Pointer | |
| CVE-2026-42944 | |
| Information Exposure | |
| Use After Free | |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |
| Improper Privilege Management | |
| Improper Validation of Specified Type of Input | |
| Undefined Behavior for Input to API | |
| Improper Input Validation | |
| Improper Neutralization of Null Byte or NUL Character | |
| Uncontrolled Recursion | |
| Write-what-where Condition | |
| Uncontrolled Recursion | |
| Uncontrolled Recursion | |
| Integer Overflow or Wraparound | |
| Improper Input Validation | |
| Heap-based Buffer Overflow | |
| Out-of-bounds Read | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Out-of-bounds Read | |
| Incorrect Calculation of Buffer Size | |
| Integer Overflow or Wraparound | |
| Write-what-where Condition | |
| Improper Certificate Validation | |
| Write-what-where Condition | |
| CVE-2026-42010 | |
| Buffer Overflow | |
| Improper Handling of Length Parameter Inconsistency | |
| Information Exposure | |
| Origin Validation Error | |
| Exposure of Data Element to Wrong Session | |
| Comparison Using Wrong Factors | |
| Information Exposure | |
| Incorrect Behavior Order: Early Validation | |
| Integer Underflow | |
| Improper Handling of Case Sensitivity | |
| Cleartext Transmission of Sensitive Information | |
| Improper Validation of Consistency within Input | |
| Buffer Overflow | |
| Out-of-bounds Read | |
| OS Command Injection | |
| NULL Pointer Dereference | |
| Out-of-bounds Write | |
| Deserialization of Untrusted Data | |
| Integer Underflow | |
| XML External Entity (XXE) Injection | |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | |
| Incorrect Calculation of Buffer Size | |
| Access of Resource Using Incompatible Type ('Type Confusion') | |
| Out-of-bounds Write | |
| Uncontrolled Recursion | |
| Out-of-bounds Read | |
| Buffer Overflow | |
| Use of Externally-Controlled Format String | |
| Incorrect Permission Assignment for Critical Resource | |
| Heap-based Buffer Overflow | |
| Incorrect Calculation of Buffer Size | |
| NULL Pointer Dereference | |
| Resource Exhaustion | |
| Out-of-bounds Write | |
| Buffer Access with Incorrect Length Value | |
| Buffer Access with Incorrect Length Value | |
| Uncontrolled Recursion | |
| Predictable from Observable State | |
| Improper Validation of Specified Type of Input | |
| Improper Null Termination | |
| Out-of-bounds Read | |
| Integer Overflow or Wraparound | |
| Execution with Unnecessary Privileges | |
| Integer Overflow or Wraparound | |
| Arbitrary Argument Injection | |
| Expired Pointer Dereference | |
| Time-of-check Time-of-use (TOCTOU) | |
| NULL Pointer Dereference | |
| Improper Handling of Missing Special Element | |
| CVE-2026-28387 | |
| Buffer Access with Incorrect Length Value | |
| OS Command Injection | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Expired Pointer Dereference | |
| NULL Pointer Dereference | |
| Integer Underflow | |
| Access of Uninitialized Pointer | |
| Authentication Bypass by Primary Weakness | |
| Improperly Implemented Security Check for Standard | |
| Improper Certificate Validation | |
| Improper Certificate Validation | |
| Information Exposure | |
| Improper Validation of Consistency within Input | |
| Directory Traversal | |
| Time-of-check Time-of-use (TOCTOU) | |
| OS Command Injection | |
| Least Privilege Violation | |
| OS Command Injection | |
| Improper Preservation of Permissions | |
| Improper Handling of Inconsistent Special Elements | |
| Incorrect Calculation of Buffer Size | |
| Buffer Overflow | |
| Directory Traversal | |
| Missing Authentication for Critical Function | |
| Misinterpretation of Input | |
| Improper Handling of Case Sensitivity | |
| External Control of File Name or Path | |
| OS Command Injection | |
| Incorrect Check of Function Return Value | |
| Integer Overflow or Wraparound | |
| Expression Language Injection | |
| Use of Unmaintained Third Party Components | |
| Reachable Assertion | |
| Integer Overflow or Wraparound | |
| Allocation of Resources Without Limits or Throttling | |
| Buffer Underflow | |
| Misinterpretation of Input | |
| Incorrect Execution-Assigned Permissions | |
| Expired Pointer Dereference | |
| Improper Handling of Structural Elements | |
| Expired Pointer Dereference | |
| Missing Release of Resource after Effective Lifetime | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| OS Command Injection | |
| Improper Validation of Specified Type of Input | |
| Out-of-bounds Read | |
| Inappropriate Encoding for Output Context | |
| Improper Validation of Syntactic Correctness of Input | |
| Link Following | |
| Out-of-bounds Read | |
| Incorrect Bitwise Shift of Integer | |
| Reachable Assertion | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Improper Access Control | |
| Access of Uninitialized Pointer | |
| Use of Uninitialized Resource | |
| Incorrect Calculation of Buffer Size | |
| Expired Pointer Dereference | |
| Authentication Bypass by Primary Weakness | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Buffer Underflow | |
| Directory Traversal | |
| Directory Traversal | |
| Incorrect Calculation of Multi-Byte String Length | |
| Incorrect Implementation of Authentication Algorithm | |
| Improper Validation of Specified Type of Input | |
| OS Command Injection | |
| Buffer Underflow | |
| NULL Pointer Dereference | |
| Out-of-bounds Read | |
| Information Exposure | |
| Inefficient Regular Expression Complexity | |
| Buffer Overflow | |
| Buffer Overflow | |
| Integer Overflow or Wraparound | |
| Directory Traversal | |
| Out-of-bounds Read | |
| NULL Pointer Dereference | |
| Improper Validation of Specified Index, Position, or Offset in Input | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Unchecked Input for Loop Condition | |
| CVE-2026-23865 | |
| Stack-based Buffer Overflow | |
| External Control of File Name or Path | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Unchecked Input for Loop Condition | |
| Reachable Assertion | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Access of Uninitialized Pointer | |
| Deserialization of Untrusted Data | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Double Free | |
| Algorithmic Complexity | |
| Incorrect Execution-Assigned Permissions | |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | |
| Buffer Overflow | |
| Memory Leak | |
| Memory Leak | |
| Buffer Overflow | |
| Link Following | |
| Uncontrolled Recursion | |
| Improper Validation of Specified Type of Input | |
| Out-of-bounds Write | |
| Access of Resource Using Incompatible Type ('Type Confusion') | |
| NULL Pointer Dereference | |
| Missing Required Cryptographic Step | |
| Buffer Overflow | |
| Improper Handling of Parameters | |
| NULL Pointer Dereference | |
| Allocation of Resources Without Limits or Throttling | |
| Access of Resource Using Incompatible Type ('Type Confusion') | |
| Incorrect Calculation of Buffer Size | |
| Improper Validation of Specified Quantity in Input | |
| Stack-based Buffer Overflow | |
| Improper Validation of Syntactic Correctness of Input | |
| Improper Handling of Highly Compressed Data (Data Amplification) | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Handling of Highly Compressed Data (Data Amplification) | |
| Use of Uninitialized Resource | |
| Time-of-check Time-of-use (TOCTOU) | |
| Directory Traversal | |
| Time-of-check Time-of-use (TOCTOU) | |
| Uncontrolled Recursion | |
| Uncontrolled Recursion | |
| Resource Exhaustion | |
| Use of Uninitialized Resource | |
| Integer Overflow or Wraparound | |
| Out-of-bounds Read | |
| Buffer Overflow | |
| Reachable Assertion | |
| Reachable Assertion | |
| Reachable Assertion | |
| Out-of-bounds Read | |
| Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | |
| Integer Underflow | |
| Buffer Overflow | |
| Resource Exhaustion | |
| Out-of-bounds Read | |
| Out-of-bounds Write | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| NULL Pointer Dereference | |
| Stack-based Buffer Overflow | |
| Out-of-bounds Read | |
| Out-of-Bounds | |
| Out-of-bounds Write | |
| Heap-based Buffer Overflow | |
| Information Exposure | |
| Use After Free | |
| Integer Overflow or Wraparound | |
| Improper Input Validation | |
| Resource Exhaustion | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Improper Use of Validation Framework | |
| Unrestricted Externally Accessible Lock | |
| Algorithmic Complexity | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Out-of-bounds Write | |
| Integer Overflow or Wraparound | |
| Incorrect Calculation of Buffer Size | |
| Expired Pointer Dereference | |
| CVE-2025-61662 | |
| Expired Pointer Dereference | |
| Expired Pointer Dereference | |
| Expired Pointer Dereference | |
| NULL Pointer Dereference | |
| Key Exchange without Entity Authentication | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Resource Exhaustion | |
| Stack-based Buffer Overflow | |
| Resource Exhaustion | |
| Acceptance of Extraneous Untrusted Data With Trusted Data | |
| Improper Verification of Cryptographic Signature | |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |
| Allocation of Resources Without Limits or Throttling | |
| Directory Traversal | |
| Improper Check for Unusual or Exceptional Conditions | |
| Unchecked Return Value | |
| Out-of-bounds Read | |
| Improper Validation of Specified Quantity in Input | |
| Use of Uninitialized Resource | |
| Access of Resource Using Incompatible Type ('Type Confusion') | |
| Double Free | |
| Out-of-bounds Write | |
| Out-of-bounds Read | |
| Improper Neutralization of Null Byte or NUL Character | |
| Buffer Access with Incorrect Length Value | |
| Out-of-bounds Read | |
| Out-of-bounds Read | |
| Improper Privilege Management | |
| Failure to Sanitize Special Element | |
| Use After Free | |
| Out-of-bounds Write | |
| Out-of-bounds Read | |
| Information Exposure | |
| Out-of-bounds Write | |
| Out-of-bounds Read | |
| Expired Pointer Dereference | |
| Allocation of Resources Without Limits or Throttling | |
| Out-of-bounds Read | |
| NULL Pointer Dereference | |
| Improper Authentication | |
| Memory Leak | |
| Expired Pointer Dereference | |
| Unchecked Input for Loop Condition | |
| Out-of-bounds Read | |
| Buffer Overflow | |
| Reachable Assertion | |
| Integer Overflow or Wraparound | |
| External Control of System or Configuration Setting | |
| NULL Pointer Dereference | |
| Double Free | |
| Insufficiently Protected Credentials | |
| Acceptance of Extraneous Untrusted Data With Trusted Data | |
| Directory Traversal | |
| Numeric Truncation Error | |
| Directory Traversal | |
| Directory Traversal | |
| Arbitrary Argument Injection | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Double Free | |
| NULL Pointer Dereference | |
| Improper Certificate Validation | |
| Use After Free | |
| OS Command Injection | |
| Heap-based Buffer Overflow | |
| Arbitrary Argument Injection | |
| CRLF Injection | |
| Buffer Overflow | |
| Return of Wrong Status Code | |
| Incorrect Calculation | |
| Use After Free | |
| Double Free | |
| Incorrect Authorization | |
| Out-of-bounds Read | |
| Missing Release of Resource after Effective Lifetime | |
| Uncontrolled Recursion | |
| Stack-based Buffer Overflow | |
| Directory Traversal | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Out-of-bounds Read | |
| Integer Overflow or Wraparound | |
| Integer Overflow or Wraparound | |
| Heap-based Buffer Overflow | |
| Out-of-bounds Read | |
| Uncontrolled Search Path Element | |
| Race Condition | |
| Stack-based Buffer Overflow | |
| Out-of-Bounds | |
| Out-of-Bounds | |
| Buffer Overflow | |
| Buffer Over-read | |
| Integer Overflow or Wraparound | |
| Untrusted Search Path | |
| Out-of-bounds Write | |
| Incorrect Privilege Assignment | |
| Missing Authentication for Critical Function | |
| Integer Overflow or Wraparound | |
| Out-of-bounds Read | |
| Reversible One-Way Hash | |
| Expected Behavior Violation | |
| Out-of-bounds Read | |
| Return of Wrong Status Code | |
| Missing Release of Resource after Effective Lifetime | |
| NULL Pointer Dereference | |
| Arbitrary Argument Injection | |
| Uncontrolled Recursion | |
| Out-of-bounds Write | |
| Use After Free | |
| Use After Free | |
| Buffer Overflow | |
| Use of Uninitialized Resource | |
| Information Exposure | |
| Unchecked Return Value | |
| NULL Pointer Dereference | |
| Directory Traversal | |
| Use After Free | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Improper Update of Reference Count | |
| Stack-based Buffer Overflow | |
| Unchecked Return Value | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| Use After Free | |
| Out-of-bounds Write | |
| Out-of-bounds Write | |
| NULL Pointer Dereference | |
| Trust Boundary Violation | |
| Use After Free | |
| Out-of-bounds Write | |
| Detection of Error Condition Without Action | |
| Out-of-Bounds | |
| Missing Release of Resource after Effective Lifetime | |
| Missing Release of Resource after Effective Lifetime | |
| Out-of-Bounds | |
| Missing Release of Resource after Effective Lifetime | |
| Out-of-bounds Write | |
| Algorithmic Complexity | |
| Algorithmic Complexity | |
| Out-of-bounds Write | |
| Incorrect Calculation of Buffer Size | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Use After Free | |
| Improper Check for Unusual or Exceptional Conditions | |
| Improper Encoding or Escaping of Output | |
| Information Exposure | |
| Heap-based Buffer Overflow | |
| Directory Traversal | |
| Inappropriate Encoding for Output Context | |
| Covert Timing Channel | |
| Out-of-bounds Write | |
| Directory Traversal | |
| Symlink Following | |
| Race Condition | |
| Improper Encoding or Escaping of Output | |
| Detection of Error Condition Without Action | |
| Use of Uninitialized Resource | |
| Insecure Default Initialization of Resource | |
| NULL Pointer Dereference | |
| Out-of-Bounds | |
| Information Exposure | |
| Insecure Temporary File | |
| Symlink Following | |
| Improper Authentication | |
| Comparison Using Wrong Factors | |
| Use of Insufficiently Random Values | |
| Small Space of Random Values | |
| Improper Input Validation | |
| Unchecked Input for Loop Condition | |
| Improper Certificate Validation | |
| Use After Free | |
| Out-of-bounds Write | |
| Improper Finite State Machines (FSMs) in Hardware Logic | |
| Improper Certificate Validation | |
| Heap-based Buffer Overflow | |
| Integer Overflow or Wraparound | |
| Integer Overflow or Wraparound | |
| Integer Overflow or Wraparound | |
| Access of Resource Using Incompatible Type ('Type Confusion') | |
| Directory Traversal | |
| Double Free | |
| Heap-based Buffer Overflow | |
| Heap-based Buffer Overflow | |
| Use After Free | |
| Use After Free | |
| Heap-based Buffer Overflow | |
| NULL Pointer Dereference | |
| Double Free | |
| Use After Free | |
| Out-of-bounds Read | |
| Improper Synchronization | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| CVE-2024-4076 | |
| Arbitrary Code Injection | |
| Race Condition | |
| Race Condition | |
| Information Exposure | |
| CVE-2024-26602 | |
