Web

SQL injection (SQLi)Cross site scripting (XSS)File inclusions (LFI, RFI)Directory traversalCross site request forgery (CSRF)XML external entity (XXE)Cross origin resource sharing (CORS)Server-side request forgery (SSRF)Server-side template injection (SSTI)Access control vulnerabilitiesAuthentication vulnerabilitiesJWT attacksFile uploadsHost header attacksClickjackingLogic flawsOS command injectionHTTP Request smugglingInsecure deserializationDOM-basedWebSocketsWeb cache poisoning
PreviousPasswords & credentialsNextSQL injection (SQLi)