Server-side Request Forgery (SSRF)
Missing Input Length Validation
Allocation of Resources Without Limits or Throttling
Weak Password Requirements
Cross-site Request Forgery (CSRF)
Relative Path Traversal
Time-of-check Time-of-use (TOCTOU) Race Condition
Arbitrary Code Injection
Undefined Behavior
Improper Access Control
Remote Code Execution (RCE)
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Improper Control of Generation of Code ('Code Injection')
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Deserialization of Untrusted Data
Path Traversal
Improper Access Control
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Cross-site Scripting (XSS)
Arbitrary Code Injection
Improper Access Control
Directory Traversal
Arbitrary File Read
Server-Side Request Forgery (SSRF)
Command Injection
Directory Traversal
Directory Traversal
Path Traversal
Improper Neutralization of Special Elements Used in a Template Engine
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Information Exposure
OS Command Injection
Use of GET Request Method With Sensitive Query Strings
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Command Injection
Directory Traversal
Directory Traversal
Arbitrary File Read
Directory Traversal
Relative Path Traversal
Access Restriction Bypass
Relative Path Traversal
Access Restriction Bypass
Improper Access Control
Insecure Temporary File