XML External Entity Injection (XXE)
Token Leakage via Referer
Missing DKIM/DMARC
Sensitive Client Information Disclosed
Open Redirect
Access/Privacy Control Violation
EXIF Geolocation Data Not Stripped From Uploaded Images
Insecure Design
Business Logic Errors
Insecure Direct Object Reference (IDOR)