| Improper Output Neutralization for Logs | |
| Improper Authorization | |
| Incorrect Privilege Assignment | |
| Improperly Implemented Security Check for Standard | |
| Improper Verification of Cryptographic Signature | |
| Missing XML Validation | |
| Incorrect Privilege Assignment | |
| Time-of-check Time-of-use (TOCTOU) | |
| Business Logic Errors | |
| Improper Access Control | |
| HTTP Request Smuggling | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Input Validation | |
| CRLF Injection | |
| Improper Access Control | |
| Cross-site Scripting (XSS) | |
| Deserialization of Untrusted Data | |
| Binding to an Unrestricted IP Address | |
| Uncontrolled Search Path Element | |
| Session Fixation | |
| Files or Directories Accessible to External Parties | |
| Improper Input Validation | |
| Cross-site Scripting (XSS) | |
| Insufficient Session Expiration | |
| Insufficient Session Expiration | |
| Cross-site Scripting (XSS) | |
| Improper Authentication | |
| Origin Validation Error | |
| Uncontrolled Recursion | |
| Information Exposure Through Environmental Variables | |
| HTTP Request Smuggling | |
| Improper Handling of Highly Compressed Data (Data Amplification) | |
| Improper Privilege Management | |
| Allocation of Resources Without Limits or Throttling | |
| Exposure of Resource to Wrong Sphere | |
| Improper Neutralization | |
| CRLF Injection | |
