SQL Injection
Cross Site Scripting
ClickJacking
Access control vulnerabilities
Path traversal
XML external entity (XXE) injection
JWT
Server-side request forgery (SSRF)
OS command injection
Authentication
HTTP request smuggling
Server-side template injection
DOM-based vulnerabilities
WebSockets
Prototype pollution
GraphQL
Web cache poisoning
CORS