SQL injection (all variations) - Cross-site scripting (reflected, stored, DOM-based) - Cross-site request forgery (CSRF) - Server-side request forgery (SSRF) - Authentication vulnerabilities - Access control vulnerabilities - Directory traversal - OS command injection - Business logic vulnerabilitie