Software weaknesses let attackers exploit your systems and steal sensitive data for malicious purposes. Software weaknesses are the bugs, errors or flaws in your system that can make it vulnerable. MITRE has disclosed the top 25 software weaknesses that many companies encountered between June 2023 and June 2024.
To rank the top 25 software weaknesses, MITRE analyzed 31,770 CVE records affecting different systems. MITRE said that organizations should look closely at the list to review their software security strategies. The top software weakness reported by MITRE is Cross-site Scripting, followed by Out-of-bounds Write. SQL Injection is the third biggest software weakness. CSRF, Path Traversal, Use After Free and Missing Authorization are also among the top software weaknesses.
CISA also regularly releases documents about software vulnerabilities under its Secure by Design initiative. In March and May, it published two more documents to notify tech executives to look out for vulnerabilities reported in recent attacks. The NSA, FBI and Five Eyes cybersecurity agencies also released a list of the top 15 security vulnerabilities. To learn more about the list of top 25 software weaknesses, check the whole report by MITRE.
Rank | Vulnerability Type | Risk Score | CVEs (Security Issues) | Change in Rank |
---|---|---|---|---|
1 | Cross-site Scripting (XSS) | 56.92 | 3 | +1 |
2 | Out-of-bounds Write | 45.20 | 18 | -1 |
3 | SQL Injection | 35.88 | 4 | No Change |
4 | Cross-Site Request Forgery (CSRF) | 19.57 | 0 | +5 |
5 | Path Traversal | 12.74 | 4 | +3 |
6 | Out-of-bounds Read | 11.42 | 3 | +1 |
7 | OS Command Injection | 11.30 | 5 | -2 |
8 | Use After Free | 10.19 | 5 | -4 |
9 | Missing Authorization | 10.11 | 0 | +2 |
10 | Unrestricted Upload of Dangerous File | 10.03 | 0 | No Change |
11 | Code Injection | 7.13 | 7 | +12 |
12 | Improper Input Validation | 6.78 | 1 | -6 |
13 | Command Injection | 6.74 | 4 | +3 |
14 | Improper Authentication | 5.94 | 4 | -1 |
15 | Improper Privilege Management | 5.22 | 0 | +7 |
16 | Deserialization of Untrusted Data | 5.07 | 5 | -1 |
17 | Exposure of Sensitive Information | 5.07 | 0 | +13 |
18 | Incorrect Authorization | 4.05 | 2 | +6 |
19 | Server-Side Request Forgery (SSRF) | 4.05 | 2 | No Change |
20 | Improper Memory Buffer Operations | 3.69 | 2 | -3 |
21 | NULL Pointer Dereference | 3.58 | 0 | -9 |
22 | Use of Hard-coded Credentials | 3.46 | 2 | -4 |
23 | Integer Overflow or Wraparound | 3.37 | 3 | -9 |
24 | Uncontrolled Resource Consumption | 3.23 | 0 | +13 |
25 | Missing Authentication for Critical Function | 2.73 | 5 | -5 |