Improper Handling of Highly Compressed Data (Data Amplification)

Unrestricted Upload of File with Dangerous Type

Download of Code Without Integrity Check

Deserialization of Untrusted Data

File and Directory Information Exposure

Open Redirect

Unverified Password Change

Insecure Direct Object Reference (IDOR)

Weak Password Recovery Mechanism for Forgotten Password

Improper Restriction of Names for Files and Other Resources

Security Through Obscurity

Violation of Secure Design Principles

Improper Neutralization

Incorrect Permission Assignment for Critical Resource

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Command Injection - Generic

OS Command Injection

Cross-site Scripting (XSS) - Stored

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Business Logic Errors