Tags: account-takeover (2), api-gateway-abuse (1), api-versioning (2), authentication-bypass (3), broken-access-control (28), broken-authentication (11), brute-force (4), business-logic-flaw (14), csrf (2), directory-enumeration (1), file-inclusion (2), graphql (2), http-verb-tampering (3), idor (26), information-disclosure (1), insecure-design (3), insufficient-validation (4), introduction (1), introspection (2), jwt (4), jwt-forgery (1), jwt-manipulation (2), lfi (1), mass-assignment (4), mfa-brute-force (1), missing-authentication (1), missing-function-level-access-control (1), none-algorithm (3), oob (2), otp-bypass (1), parameter-tampering (3), path-traversal (3), privilege-escalation (2), prototype-pollution (1), python (1), race-condition (5), rate-limit-bypass (1), session-hijacking (3), sql-injection (2), sql-injection-second-order (1), sqli (11), sqlite (2), ssrf (3), ssti (1), toctou (5), type-confusion (3), waf-by-pass (1), waf-bypass (1), web-sockets (2), xss (5), xxe (5)