IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. CWE

Frameworks & standards

CWE

Common Weakness Enumeration

Common Weakness Enumeration (CWE) is a community-developed, categorized list of software and hardware weakness types - such as CWE-89 (SQL Injection) or CWE-918 (SSRF). Where a CVE names a specific vulnerability, a CWE names the class of weakness behind it, making CWE the backbone of vulnerability taxonomy.

Key points

  • Taxonomy of weakness types, not specific instances.
  • Referenced throughout this knowledge graph.
  • Maps to CVEs (instances) and CAPEC (attack patterns).

Related

CVECAPECOWASP

References

  • CWE (MITRE)

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub