| Incorrect Default Permissions | |
| Improper Handling of Case Sensitivity | |
| Integer Overflow or Wraparound | |
| Improper Handling of Unicode Encoding | |
| DNS Rebinding | |
| Exposure of Private Personal Information to an Unauthorized Actor | |
| Improper Certificate Validation | |
| Allocation of Resources Without Limits or Throttling | |
| Access Control Bypass | |
| Time-of-check Time-of-use (TOCTOU) Race Condition | |
| Missing Authorization | |
| Missing Authorization | |
| Inefficient Algorithmic Complexity | |
| Missing Release of Memory after Effective Lifetime | |
| Observable Timing Discrepancy | |
| Uncaught Exception | |
| Uncaught Exception | |
| Uncaught Exception | |
| Incorrect Authorization | |
| Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | |
| Uncaught Exception | |
| UNIX Symbolic Link (Symlink) Following | |
| Race Condition | |
| HTTP Request Smuggling | |
| Directory Traversal | |
| Allocation of Resources Without Limits or Throttling | |
| Uncaught Exception | |
| Improper Handling of Values | |
| Authorization Bypass | |
| Authorization Bypass | |
| Access Restriction Bypass | |
| Improper Control of Generation of Code ('Code Injection') | |
| Improper Control of Generation of Code ('Code Injection') | |
| Uncontrolled Resource Consumption ('Resource Exhaustion') | |
| Denial of Service (DoS) | |
