| Improper Validation of Unsafe Equivalence in Input | |
| Reliance on Untrusted Inputs in a Security Decision | |
| Allocation of Resources Without Limits or Throttling | |
| Link Following | |
| OS Command Injection | |
| Cross-site Scripting (XSS) | |
| Excessive Platform Resource Consumption within a Loop | |
| Cross-site Scripting (XSS) | |
| Improper Validation of Unsafe Equivalence in Input | |
| Cross-site Scripting (XSS) | |
| Improper Restriction of Rendered UI Layers or Frames | |
| NULL Pointer Dereference | |
| Improper Validation of Specified Type of Input | |
| Integer Overflow or Wraparound | |
| Improper Enforcement of Message Integrity During Transmission in a Communication Channel | |
| Improper Preservation of Permissions | |
| Incorrect Type Conversion or Cast | |
| Improper Preservation of Permissions | |
| Improper Certificate Validation | |
| Missing Authorization | |
| Incorrect Implementation of Authentication Algorithm | |
| Improperly Implemented Security Check for Standard | |
| Missing Release of Resource after Effective Lifetime | |
| Improper Validation of Specified Quantity in Input | |
| CVE-2026-33811 | |
| Improper Validation of Unsafe Equivalence in Input | |
| Creation of Immutable Text Using String Concatenation | |
| Unchecked Input for Loop Condition | |
| Cross-site Scripting (XSS) | |
| Unchecked Input for Loop Condition | |
| External Control of Assumed-Immutable Web Parameter | |
| Uncontrolled Memory Allocation | |
| Expected Behavior Violation | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Excessive Platform Resource Consumption within a Loop | |
| Multiple Locks of a Critical Resource | |
| Time-of-check Time-of-use (TOCTOU) | |
| Incorrect Calculation of Buffer Size | |
| Compiler Optimization Removal or Modification of Security-critical Code | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | |
| Improper Validation of Syntactic Correctness of Input | |
| Cross-site Scripting (XSS) | |
| Missing Required Cryptographic Step | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| CVE-2025-68121 | |
| Improper Certificate Validation | |
| Excessive Platform Resource Consumption within a Loop | |
| Incorrect Execution-Assigned Permissions | |
| Missing Reference to Active Allocated Resource | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Reachable Assertion | |
| Improper Output Neutralization for Logs | |
| CVE-2025-58186 | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Creation of Immutable Text Using String Concatenation | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Validation of Syntactic Correctness of Input | |
| CVE-2025-4673 | |
| Improper Certificate Validation | |
| HTTP Request Smuggling | |
| Allocation of Resources Without Limits or Throttling | |
| Integer Overflow or Wraparound | |
| Improper Authorization | |
| Misinterpretation of Input | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Resource Exhaustion | |
| Allocation of Resources Without Limits or Throttling | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Placement of User into Incorrect Group | |
| HTTP Response Splitting | |
| Resource Exhaustion | |
| Exposure of Resource to Wrong Sphere | |
| Placement of User into Incorrect Group | |
| Memory Leak | |
| Resource Exhaustion | |
| CVE-2022-36109 | |
| Resource Exhaustion | |
| Files or Directories Accessible to External Parties | |
| Incorrect Default Permissions | |