CSRF
IDOR
XSS
CSP: Content Security Policy
Template injections
BAC
XXE
SSRF
Command injection
SQLi
Business logic flaws
Insecure deserialization
JWT
Open redirects
Captcha bypasses
LFI/RFI
Parameter pollution
Password reset vulnerabilities