Tags: account-takeover (1), api-gateway-abuse (1), api-versioning (2), authentication-bypass (2), broken-access-control (18), broken-authentication (8), brute-force (2), business-logic-flaw (10), csrf (1), directory-enumeration (1), file-inclusion (1), graphql (1), http-verb-tampering (2), idor (18), information-disclosure (1), insecure-design (3), insufficient-validation (2), introduction (1), introspection (1), jwt (3), jwt-forgery (1), jwt-manipulation (2), lfi (1), mass-assignment (3), mfa-brute-force (1), missing-authentication (1), missing-function-level-access-control (1), none-algorithm (2), oob (1), parameter-tampering (3), path-traversal (2), privilege-escalation (2), prototype-pollution (1), race-condition (3), rate-limit-bypass (1), session-hijacking (3), sql-injection (2), sql-injection-second-order (1), sqli (7), sqlite (2), ssrf (2), ssti (1), toctou (3), type-confusion (2), waf-by-pass (1), web-sockets (1), xss (3), xxe (3)