Server-side request forgery (SSRF) allows an attacker to make a server-side application make unintended requests to other systems. This can lead to unauthorized access to internal resources, data exfiltration, or even remote code execution in some cases.

Remote file inclusion occurs when an application includes remote content into a web page without proper validation. This can allow attackers to include malicious files from remote servers, potentially leading to remote code execution, data theft, or other malicious activities.

Using components with known vulnerabilities exposes an application to potential attacks that exploit these known weaknesses. This can occur when outdated libraries, frameworks, or other software components are used without being updated or patched, potentially leaving the application open to various types of attacks.

Improper error handling occurs when an application fails to properly handle errors. This can lead to the disclosure of sensitive information, such as stack traces, database dumps, or error messages that reveal implementation details, which attackers can use to exploit the system.

Improper input validation occurs when an application incorrectly validates or fails to validate input data. This can lead to various security issues, including injection attacks, buffer overflows, or other unexpected application behaviors that can be exploited by attackers.

Cross-origin resource sharing (CORS) misconfiguration occurs when an application fails to properly implement or enforce the Same-Origin Policy. This can allow attackers to access sensitive data from other origins, potentially leading to unauthorized data access or other security breaches.

Directory traversal allows an attacker to access files and directories stored outside the web root folder. This can lead to unauthorized access to sensitive system files, configuration files, or other protected resources not intended to be publicly accessible.

Cross-site request forgery (CSRF) allows an attacker to trick a user into performing an unintended action on a trusted website. This can lead to unauthorized actions being performed on behalf of the authenticated user, potentially compromising the integrity of the user’s data or the application itself.

Improper certificate validation occurs when an application fails to properly validate SSL/TLS certificates. This can allow attackers to perform man-in-the-middle attacks, potentially intercepting or modifying sensitive data in transit.

Broken authentication occurs when an application fails to properly implement authentication mechanisms. This can allow attackers to compromise passwords, keys, or session tokens, or exploit other implementation flaws to assume users’ identities temporarily or permanently.

Sensitive data exposure occurs when sensitive data is transmitted or stored without proper encryption. This can lead to unauthorized access to confidential information, potentially resulting in data breaches, identity theft, or other forms of data misuse.

Insecure deserialization allows an attacker to manipulate serialized objects to perform malicious actions. This can lead to remote code execution, denial of service attacks, or authentication bypasses, depending on how the deserialized data is used within the application.

Weak cryptography occurs when an application uses weak or outdated cryptographic algorithms. This can lead to the compromise of encrypted data, as these algorithms may be susceptible to known attacks or brute-force methods.

XML external entity (XXE) injection occurs when an application processes XML input without properly validating against malicious content. This can lead to disclosure of confidential data, denial of service, server-side request forgery, or other system impacts.

Insecure direct object reference occurs when an application allows users to access or manipulate objects directly by reference. This can lead to unauthorized access to data or functionality if proper access controls are not in place.

SQL injection allows an attacker to execute arbitrary SQL commands on a database through application input. This can lead to unauthorized data access, modification, or deletion of database contents.

Unrestricted file upload vulnerability occurs when an application fails to properly validate file uploads. This can allow attackers to upload malicious files, potentially leading to remote code execution, defacement of websites, or other malicious activities on the server.

Session fixation occurs when an application uses weak or easily guessable session identifiers. This vulnerability can allow an attacker to hijack a user’s session, potentially gaining unauthorized access to the user’s account and sensitive information.

Security misconfiguration occurs when an application fails to properly implement security controls. This can include issues such as default credentials, unnecessary features enabled, incorrect permissions, or outdated software, leaving the application vulnerable to various types of attacks.

Time-of-check to time-of-use (TOCTOU) race condition occurs when an application fails to properly implement TOCTOU protections. This can allow attackers to exploit the time gap between checking a condition and using the results of that check, potentially leading to unauthorized access or other security issues.

Broken access control occurs when an application fails to properly restrict access to resources based on the user’s role or privileges. This can lead to unauthorized access to sensitive data or functionality, potentially allowing users to perform actions or access information beyond their intended permissions.

Command injection occurs when an application allows user-supplied input to be executed as part of a command or query. This can lead to unauthorized access to the system, data theft, or even complete system compromise if the commands are executed with elevated privileges.

Insufficient entropy occurs when an application uses weak or predictable pseudo-random number generators for security-critical operations. This can lead to vulnerabilities in cryptographic functions, session management, or other security features that rely on randomness.

A buffer overflow occurs when a program writes data beyond the bounds of allocated memory. This can lead to crashes, data corruption, or even arbitrary code execution if exploited by an attacker.

Insecure mobile interface occurs when an application fails to properly implement security controls for mobile devices. This can lead to various security issues such as data leakage, unauthorized access, or exploitation of device-specific vulnerabilities.