Insecure Direct Object Reference (IDOR)

Weak Password Recovery Mechanism for Forgotten Password

Improper Restriction of Names for Files and Other Resources

Security Through Obscurity

Violation of Secure Design Principles

Improper Neutralization

Incorrect Permission Assignment for Critical Resource

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Command Injection - Generic

OS Command Injection

Cross-site Scripting (XSS) - Stored

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Business Logic Errors

Missing Authorization

Server-Side Request Forgery (SSRF)

Insecure Storage of Sensitive Information

Code Injection

Resource Injection

Issues where features are either not enabled by default, or require configuration by the user before it can be used.

Epics, Issues and MRs related to the API Vision working group