Common Weakness Enumeration
969 software weaknesses with code examples, prevention checklists, and Plexicus auto-fix patterns. Built for engineers who need answers, not theory.
The CWEs developers hit most
Start here — these are the weaknesses our SAST flags 80% of the time on real codebases.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This vulnerability occurs when a web application fails to properly sanitize or encode user-supplied input before…
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection occurs when an application builds a database query using untrusted user input without properly…
CWE-20: Improper Input Validation
This vulnerability occurs when an application accepts data from an external source but fails to properly verify that…
CWE-125: Out-of-bounds Read
An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data…
CWE-787: Out-of-bounds Write
This vulnerability occurs when software incorrectly writes data outside the boundaries of its allocated memory buffer,…
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OS Command Injection occurs when an application builds a system command using untrusted, external input without…
CWE-352: Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) happens when a web application cannot reliably tell if a user actually intended to…
CWE-434: Unrestricted Upload of File with Dangerous Type
This vulnerability occurs when an application accepts file uploads without properly restricting the file types,…