Injection flaws, such as SQL, NoSQL, OS, or LDAP injection, occur when untrusted data is inserted into a command or query, allowing an attacker to execute unauthorized commands.
Broken authentication and session management covers flaws in authentication mechanisms, session handling, and credential storage, which can allow attackers to compromise user accounts, bypass authentication, or hijack sessions.
XSS vulnerabilities occur when untrusted data is included in a web page without proper validation, allowing attackers to execute malicious scripts in the victim's browser.
Insecure direct object references occur when an application exposes internal object references, such as database keys or filenames, to users without checking that the requesting user is authorized for that object, allowing attackers to access data that is not theirs.
Security misconfigurations arise when security settings, server configurations, or application configurations are not properly implemented, leaving exploitable weaknesses in the deployment.
Sensitive data exposure refers to the inadequate protection of sensitive data, such as passwords, credit card information, or personal data, which can then be stolen or accessed by unauthorized individuals.
Missing function level access control occurs when an application fails to enforce access controls on individual functions, allowing attackers to perform unauthorized actions or reach restricted functionality.
CSRF vulnerabilities allow attackers to trick an authenticated user's browser into submitting unwanted requests to a web application on which that user is logged in, so the application carries out actions the user never intended.
Using components with known vulnerabilities arises when a web application incorporates components (e.g., libraries, frameworks, or modules) that have publicly known security flaws, exposing the application to attacks that target those flaws.
Unvalidated redirects and forwards occur when an application redirects or forwards users to another page without validating the destination, which can be abused for phishing or other malicious activity.