Injection

Broken Authentication and Session Management

Sensitive Data Exposure

Cross-Site Scripting (XSS)

Unvalidated Redirects and Forwards

Insecure Deserialization

Security Misconfiguration

Missing Function Level Access Control

Unprotected APIs

Insufficient Logging and Monitoring