Common Vulnerabilities

A reference guide to common security vulnerabilities and their mitigations.

Vulnerability                  Severity   Description
SQL Injection (SQLi)           Critical   Injection of attacker-controlled SQL into backend database queries to read or manipulate data.
Cross-Site Scripting (XSS)     High       Injecting malicious scripts into web pages that are then executed in other users' browsers.
CSRF                           High       Cross-Site Request Forgery: forcing an authenticated end user to execute unwanted actions on a web application.
Remote Code Execution (RCE)    Critical   The attacker can execute arbitrary code on the target server.
IDOR                           High       Insecure Direct Object References: object identifiers exposed without authorization checks, allowing access to other users' data.
SSRF                           High       Server-Side Request Forgery: abusing server-side request functionality to reach internal resources.
LFI                            High       Local File Inclusion: unvalidated file paths that let attackers read internal files from the server.
XXE                            High       XML External Entity attack abusing XML parsers that resolve external entities.
Broken Auth                    Critical   Weaknesses in session management or credential handling.