| Incorrect Type Conversion or Cast | |
| Improper Validation of Specified Type of Input | |
| Improper Certificate Validation | |
| Missing Authorization | |
| Missing Release of Resource after Effective Lifetime | |
| Missing Authorization | |
| Improper Preservation of Permissions | |
| Incorrect Implementation of Authentication Algorithm | |
| Integer Overflow or Wraparound | |
| Improper Certificate Validation | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Validation of Specified Quantity in Input | |
| Deserialization of Untrusted Data | |
| Improper Enforcement of Message Integrity During Transmission in a Communication Channel | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Cross-site Scripting (XSS) | |
| CVE-2026-33811 | |
| Allocation of Resources Without Limits or Throttling | |
| CVE-2026-42499 | |
| Missing Authentication for Critical Function | |
| OS Command Injection | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Time-of-check Time-of-use (TOCTOU) | |
| Excessive Platform Resource Consumption within a Loop | |
| Missing Required Cryptographic Step | |
| Improper Validation of Specified Index, Position, or Offset in Input | |
| Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | |
