CAPEC by Category – Attack Pattern Types

Vendors and Products

CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.

List of attack patterns sorted by Categories

Below is a comprehensive list of CAPEC (Common Attack Pattern Enumeration and Classification) attack patterns, grouped by category. Each category brings together similar techniques used to exploit software weaknesses (CWEs) or known vulnerabilities (CVEs) - such as injection, privilege escalation, or social engineering. This thematic classification helps clarify how attackers operate, supports exploration of the vulnerability database, maps attack surfaces, and enhances cyber threat intelligence and data protection strategies.

CAPEC notifications

Stay informed of any changes or new CAPECs.

Notifications manage


Category ID	Published Modified	Name Summary	Status

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.

CAPEC Categories List

List of attack patterns sorted by Categories