[1] CWE-79: Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2] CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
[3] CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] CWE-352: Cross-Site Request Forgery (CSRF)
[5] CWE-285: Improper Access Control (Authorization)
[6] CWE-807: Reliance on Untrusted Inputs in a Security Decision
[7] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[8] CWE-434: Unrestricted Upload of File with Dangerous Type
[9] CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
[10] CWE-311: Missing Encryption of Sensitive Data
[11] CWE-798: Use of Hard-coded Credentials
[12] CWE-805: Buffer Access with Incorrect Length Value
[13] CWE-754: Improper Check for Unusual or Exceptional Conditions
[14] CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[15] CWE-129: Improper Validation of Array Index
[16] CWE-190: Integer Overflow or Wraparound
[17] CWE-209: Information Exposure Through an Error Message
[18] CWE-131: Incorrect Calculation of Buffer Size
[19] CWE-306: Missing Authentication for Critical Function
[20] CWE-494: Download of Code Without Integrity Check
[21] CWE-770: Allocation of Resources Without Limits or Throttling
[22] CWE-732: Incorrect Permission Assignment for Critical Resource
[23] CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
[24] CWE-327: Use of a Broken or Risky Cryptographic Algorithm
[25] CWE-362: Race Condition