| Information Exposure Through Caching | |
| Resource Exhaustion | |
| XML External Entity (XXE) Injection | |
| Improper Cross-boundary Removal of Sensitive Data | |
| Cross-site Scripting (XSS) | |
| Exposure of Private Information ('Privacy Violation') | |
| Incorrect Behavior Order: Early Validation | |
| Reliance on Cookies without Validation and Integrity Checking | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Use of Validation Framework | |
| Buffer Overflow | |
| Improper Use of Validation Framework | |
| Improper Handling of Case Sensitivity | |
| Information Exposure | |
| Open Redirect | |
| Information Exposure Through Log Files | |
| Incorrect Permission Assignment for Critical Resource | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Missing Release of Resource after Effective Lifetime | |
| Improper Check for Dropped Privileges | |
| Improper Handling of Length Parameter Inconsistency | |
| Out-of-Bounds | |
| Uncontrolled Recursion | |
| Deadlock | |
| Reliance on Untrusted Inputs in a Security Decision | |
| Resource Exhaustion | |
| Deserialization of Untrusted Data | |
| Resource Exhaustion | |
| Improper Input Validation | |
