Authentication Bypass Using an Alternate Path or Channel

Man-in-the-Middle

Missing Authentication for Critical Function

Brute Force

Cleartext Storage of Sensitive Information

Key Exchange without Entity Authentication

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Insufficient Verification of Data Authenticity

Cross-Site Request Forgery (CSRF)

Privacy Violation

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Time-of-check Time-of-use (TOCTOU) Race Condition

Denial of Service

Improper Handling of Highly Compressed Data (Data Amplification)

Unrestricted Upload of File with Dangerous Type

Download of Code Without Integrity Check

Deserialization of Untrusted Data

File and Directory Information Exposure

Open Redirect

Unverified Password Change