• Overflow: Buffer overflow vulnerabilities occur when an application writes more data to a buffer than it can hold, leading to memory corruption and potentially allowing attackers to execute arbitrary code.
• Memory Corruption: These vulnerabilities occur when a program unintentionally modifies memory, potentially leading to unpredictable behavior, crashes, or code execution, compromising the system’s stability and security.
• SQL Injection: This type of vulnerability allows attackers to inject malicious SQL queries into a database, enabling them to access, modify, or delete data without proper authorization.
• Cross-Site Scripting (XSS): XSS vulnerabilities allow attackers to inject malicious scripts into web pages, which are then executed in the browsers of users, potentially leading to session hijacking, data theft, or defacement of the website.
• Directory Traversal: This vulnerability enables attackers to access files and directories outside of the web root folder, potentially exposing sensitive information stored on the server.
• File Inclusion: File inclusion vulnerabilities allow attackers to include files on a server through the web browser. This can lead to code execution, data theft, or the manipulation of critical server-side files.
• Cross-Site Request Forgery (CSRF): CSRF attacks trick users into performing unwanted actions on a web application where they are authenticated, potentially leading to unauthorized transactions or changes.
• XML External Entity (XXE): XXE vulnerabilities exploit weaknesses in XML parsers to execute arbitrary code, exfiltrate data, or conduct denial-of-service attacks by including external entities in XML documents.
• Server-Side Request Forgery (SSRF): SSRF vulnerabilities allow attackers to send crafted requests from the server to internal systems, potentially leading to unauthorized access to internal services or network exploitation.
• Open Redirect: This vulnerability occurs when a web application improperly redirects users to an untrusted site, potentially leading to phishing attacks or malware distribution.
• Input Validation: Flaws in input validation occur when user inputs are not properly sanitized or validated, allowing attackers to inject malicious data that can lead to a wide range of attacks, including SQL Injection, XSS, and command injection.