Select Page

MITRE has released its annual list of the Top 25 “most dangerous software weaknesses” for the year 2023.

“These weaknesses lead to serious vulnerabilities in software,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. “An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.”

The list is based on an analysis of public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two years. A total of 43,996 CVE entries were examined and a score was attached to each of them based on prevalence and severity.

Coming out top is Out-of-bounds Write, followed by Cross-site Scripting, SQL Injection, Use After Free, OS Command Injection, Improper Input Validation, Out-of-bounds Read, Path Traversal, Cross-Site Request Forgery (CSRF), and Unrestricted Upload of File with Dangerous Type. Out-of-bounds Write also took the top spot in 2022.

images from Hacker News