Information Exposure Through Debug Information

Path Traversal

Plaintext Storage of a Password

Improper Preservation of Permissions

Improper Access Control - Generic

Improper Authorization

Improper Authentication - Generic

Authentication Bypass Using an Alternate Path or Channel

Man-in-the-Middle

Missing Authentication for Critical Function

Brute Force

Cleartext Storage of Sensitive Information

Key Exchange without Entity Authentication

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Insufficient Verification of Data Authenticity

Cross-Site Request Forgery (CSRF)

Privacy Violation

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Time-of-check Time-of-use (TOCTOU) Race Condition

Denial of Service