Local File Inclusion: Local file inclusion is a vulnerability where publicly inaccessible files on a server are leaked.
CSRF: Cross-Site Request Forgery is a common client-side vulnerability that appears in a good number of CTF challenges.
Deserialization: The decoding and transformation of user-supplied data into language objects can result in remote code execution.
Markdown XSS: Parsing and rendering Markdown into HTML can cause XSS vulnerabilities if the output is not sanitized.
Prototype pollution: Prototype pollution is a vulnerability where an attacker is able to inject properties into the top-level JavaScript prototype.
SSTI: Flask is a popular Python-based framework. However, Flask developers may make some mistakes that result in vulnerabilities.
SQL Injection: SQL Injection is a vulnerability where a user can inject SQL commands into a database and execute them.