A01 - Broken Access Control 14 categories , 38 posts

• Access Control Bypass 1 post
• Authentication Bypass 2 posts
• Authorization Bypass 2 posts
• BOLA 1 post
• Broken Access Control 1 post
• GraphQL Authorization 1 post
• IDOR 13 posts
• Information Disclosure 8 posts
• Local File Inclusion 9 posts
• Mass Assignment 2 posts
• Missing Authorization 3 posts
• Path Traversal 1 post
• Privilege Escalation 7 posts
• SSRF 2 posts

A02 - Security Misconfiguration 6 categories , 26 posts

• GraphQL Information Disclosure 1 post
• Information Disclosure 8 posts
• Local File Inclusion 9 posts
• Source Code Disclosure 1 post
• Unrestricted File Upload 8 posts
• XXE 2 posts

A04 - Cryptographic Failures 1 category , 1 post

• Sensitive Information Disclosure 1 post

A05 - Injection 10 categories , 33 posts

• Command Injection 3 posts
• Cross-Site Scripting (XSS) 5 posts
• LDAP Injection 1 post
• NoSQL Injection 4 posts
• OS Command Injection 3 posts
• SQL Injection 10 posts
• SSTI 4 posts
• Stored Cross-Site Scripting 1 post
• URI injection 1 post
• XML External Entity 1 post

A06 - Insecure Design 2 categories , 3 posts

• Business Logic Abuse 2 posts
• Race Condition 1 post

A07 - Authentication Failures 8 categories , 12 posts

• Authentication Bypass 2 posts
• Broken Authentication 1 post
• JWT 4 posts
• OTP Authentication 1 post
• Password Brute Force 1 post
• Weak Authentication 1 post
• Weak Credentials 2 posts
• Weak Session Management 1 post

Penetration Testing 10 categories , 15 posts

• CVE-2017-0144 (EternalBlue RCE) 1 post
• CVE-2017-11610 (Supervisor XML-RPC RCE) 1 post
• CVE-2018-16763 (Fuel CMS RCE) 1 post
• CVE-2019-16278 (Nostromo RCE) 1 post
• CVE-2019-9053 (CMS Made Simple SQL Injection) 1 post
• CVE-2021-22204 (Arbitrary Code Execution via Exiftool) 1 post
• CVE-2025-29927 (Next.js Middleware Authorization Bypass) 1 post
• Linux Privilege Escalation 2 posts
• Linux priviledge escalation 2 posts
• Web Application Exploitation 4 posts