A02:2025 Security Misconfiguration
Weak defaults, incomplete hardening, and cloud, framework, or server settings that leave attack surface exposed.
Member CWEs (16)
- CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption
- CWE-11 ASP.NET Misconfiguration: Creating Debug Binary
- CWE-13 ASP.NET Misconfiguration: Password in Configuration File
- CWE-15 External Control of System or Configuration Setting
- CWE-16 Configuration
- CWE-260 Password in Configuration File
- CWE-315 Cleartext Storage of Sensitive Information in a Cookie
- CWE-489 Active Debug Code
- CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable
- CWE-547 Use of Hard-coded, Security-relevant Constants
- CWE-611 Improper Restriction of XML External Entity Reference
- CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
- CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
- CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
- CWE-1174 ASP.NET Misconfiguration: Improper Model Validation
Tagged CVEs (showing 50 most recent of 2,003)
- CVE-2026-9133
- CVE-2026-8948
- CVE-2026-8576
- CVE-2026-8537
- CVE-2026-7643
- CVE-2026-7581
- CVE-2026-6807
- CVE-2026-6662
- CVE-2026-6501
- CVE-2026-6143
- CVE-2026-5321
- CVE-2026-5302
- CVE-2026-4980
- CVE-2026-4820
- CVE-2026-46722
- CVE-2026-45370
- CVE-2026-44445
- CVE-2026-4433
- CVE-2026-44184
- CVE-2026-4374
- CVE-2026-43531
- CVE-2026-42239
- CVE-2026-42212
- CVE-2026-41936
- CVE-2026-41895
- CVE-2026-41489
- CVE-2026-41384
- CVE-2026-41294
- CVE-2026-41066
- CVE-2026-41056
- CVE-2026-40882
- CVE-2026-40682
- CVE-2026-40260
- CVE-2026-40153
- CVE-2026-40035
- CVE-2026-39338
- CVE-2026-39053
- CVE-2026-38429
- CVE-2026-36765
- CVE-2026-35650
- CVE-2026-35575
- CVE-2026-3511
- CVE-2026-34839
- CVE-2026-34449
- CVE-2026-34401
- CVE-2026-34237
- CVE-2026-34227
- CVE-2026-34200
- CVE-2026-3404
- CVE-2026-33913
Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1437).