| Insufficient Session Expiration | |
| Insufficient Session Expiration | |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere | |
| Improper Privilege Management | |
| Origin Validation Error | |
| Improper Validation of Certificate with Host Mismatch | |
| Improper Authentication | |
| Allocation of Resources Without Limits or Throttling | [23.0.0,26.0.11) [26.1.0,26.1.5) |
| Incorrect User Management | |
| Exposure of Sensitive Information Through Environmental Variables | |
| Denial of Service (DoS) | |
| External Control of File Name or Path | |
| Regular Expression Denial of Service (ReDoS) | |
| HTTP Request Smuggling | |
| Open Redirect | [,22.0.13) [24.0.0,24.0.8) [25.0.0,25.0.6) |
| URL Redirection to Untrusted Site ('Open Redirect') | [,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6) |
| Open Redirect | |
| Improper Enforcement of a Single, Unique Action | |
| Improper Authentication | [,22.0.10) [23.0.0,24.0.3) |
| Missing Standardized Error Handling Mechanism | |
| Overly Restrictive Account Lockout Mechanism | |
| Always-Incorrect Control Flow Implementation | |
| Improper Privilege Management | |
| Insecure Storage of Sensitive Information | |
| Cleartext Storage of Sensitive Information in a Cookie | |
| Path Traversal | |
| Improper Input Validation | |
| Origin Validation Error | |
| Authentication Bypass | |
| Open Redirect | |
| Cross-site Scripting (XSS) | |
| Authorization Bypass Through User-Controlled Key | |
| Missing Critical Step in Authentication | [,22.0.10) [23.0.0,24.0.3) |
| Information Exposure | |
| Improper Authorization | |
| Open Redirect | |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | |
| Open Redirect | |
| LDAP Injection | |
| Credential Exposure | |
| Access Restriction Bypass | |
| Cross-site Scripting (XSS) | [3.4.3.Final,4.6.0.Final) |
| Improper Certificate Validation | |
| Cross-site Scripting (XSS) | |
| Authentication Bypass by Spoofing | |
| Insufficient Verification of Data Authenticity | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Exposure of Data Element to Wrong Session | |
| Access Restriction Bypass | |
| Information Exposure | |
| Improper Authentication | |
| Incorrect Authorization | |
| Directory Traversal | |
| Improper Authentication | |
| Improper Authentication | |
| Insecure Permissions | |
| Insecure Temporary File | |
| Improper Access Control | |
| Information Exposure | |
| User Impersonation | |
| Improper Input Validation | |
| Cross-site Scripting (XSS) | |
| Server-Side Request Forgery (SSRF) | |
| Directory Traversal | |
| Improper Input Validation | |
| Improper Certificate Validation | |
| Information Disclosure | |
| Code Injection | |
| Information Exposure | |
| Use of Hard-coded Constants | |
| Information Exposure | |
| Cross-site Request Forgery (CSRF) | |
| Access Control Bypass | |
| Man-in-the-Middle (MitM) | |
| Replay attack | |
| Open Redirect | |
| Access Restriction Bypass | |
| Cross-site Request Forgery (CSRF) | |
| Cross-site Request Forgery (CSRF) | |
| Privilege Escalation | |
| Cross-site Request Forgery (CSRF) | |
| Open Redirect | [1.0.1.Final,1.0.3.Final) |
| Cross-site Scripting (XSS) | [1.0.1.Final,1.0.3.Final) |
| Denial of Service (DoS) | |