Mars's 5εcur1ty Notes

A technical blog, updated irregularly, centered on information security: CTFs, vulnerability verification, bug bounty report analysis, and more.

List of Important CWE Vulnerabilities: Access Control

Brute Force (CWE-307)
Forced Browsing (CWE-425)
Improper Access Control - Generic (CWE-284)
Improper Authentication - Generic (CWE-287)
Information Disclosure (CWE-200)
Information Exposure Through Debug Information (CWE-215)
Information Exposure Through Directory Listing (CWE-548)
Information Exposure Through an Error Message (CWE-209)
Insecure Direct Object Reference (IDOR) (CWE-639)
Insufficient Session Expiration (CWE-613)
Key Exchange without Entity Authentication (CWE-322)
Path Traversal (CWE-22)
Privacy Violation (CWE-359)
Privilege Escalation (CAPEC-233)

Copyright Mars 2019