| Use of Incorrectly-Resolved Name or Reference | |
| Cross-site Scripting (XSS) | |
| Missing Authorization | |
| Improper Neutralization | |
| Authorization Bypass Through User-Controlled Key | |
| Authorization Bypass Through User-Controlled Key | |
| Incorrect Authorization | |
| Server-Side Request Forgery (SSRF) | |
| Cross-site Scripting (XSS) | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Incorrect Authorization | |
| Use of Incorrectly-Resolved Name or Reference | |
| Allocation of Resources Without Limits or Throttling | |
| Missing Authorization | |
| Improper Encoding or Escaping of Output | |
| Double Free | |
| CVE-2026-42501 | |
| Link Following | |
| NULL Pointer Dereference | |
| Allocation of Resources Without Limits or Throttling | |
| Cross-site Scripting (XSS) | |
| CVE-2026-42499 | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| CVE-2026-39825 | |
| Out-of-bounds Write | |