Mars's 5εcur1ty Memo

An irregularly updated technical blog centered on information security: CTF, vulnerability verification, bug bounty report analysis, and more.

List of important CWE vulnerabilities: OWASP Top 10 mobile 2016

Brute Force (CWE-307)
Cleartext Transmission of Sensitive Information (CWE-319)
Client-Side Enforcement of Server-Side Security (CWE-602)
Command Injection - Generic (CWE-77)
Cross-Site Request Forgery (CSRF) (CWE-352)
Cross-site Scripting (XSS) - DOM (CWE-79)
Cross-site Scripting (XSS) - Generic (CWE-79)
Cross-site Scripting (XSS) - Reflected (CWE-79)
Cross-site Scripting (XSS) - Stored (CWE-79)
Cryptographic Issues - Generic (CWE-310)
Forced Browsing (CWE-425)
Improper Access Control - Generic (CWE-284)
Improper Authentication - Generic (CWE-287)
Improper Certificate Validation (CWE-295)
Improper Following of a Certificate's Chain of Trust (CWE-296)
Inadequate Encryption Strength (CWE-326)
Information Disclosure (CWE-200)
Information Exposure Through Debug Information (CWE-215)
Information Exposure Through Directory Listing (CWE-548)
Information Exposure Through an Error Message (CWE-209)
Insecure Direct Object Reference (IDOR) (CWE-639)
Insecure Storage of Sensitive Information (CWE-922)
Insufficient Session Expiration (CWE-613)
Insufficiently Protected Credentials (CWE-522)
Key Exchange without Entity Authentication (CWE-322)
LDAP Injection (CWE-90)
Leftover Debug Code (Backdoor) (CWE-489)
Man-in-the-Middle (CWE-300)
Missing Encryption of Sensitive Data (CWE-311)
Missing Required Cryptographic Step (CWE-325)
OS Command Injection (CWE-78)
Open Redirect (CWE-601)
Path Traversal (CWE-22)
Plaintext Storage of a Password (CWE-256)
Privacy Violation (CWE-359)
Privilege Escalation (CAPEC-233)
Resource Injection (CWE-99)
Reusing a Nonce, Key Pair in Encryption (CWE-323)
Reversible One-Way Hash (CWE-328)
SQL Injection (CWE-89)
Security Through Obscurity (CWE-656)
Session Fixation (CWE-384)
Storing Passwords in a Recoverable Format (CWE-257)
Unprotected Transport of Credentials (CWE-523)
Unverified Password Change (CWE-620)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
Use of Hard-coded Cryptographic Key (CWE-321)
Use of Inherently Dangerous Function (CWE-242)
Use of Insufficiently Random Values (CWE-330)
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Use of a Key Past its Expiration Date (CWE-324)
Violation of Secure Design Principles (CWE-657)
Weak Cryptography for Passwords (CWE-261)
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
XML Injection (CWE-91)

Copyright Mars 2019