Assetlinks Exposure
GH Actions Secrets
Permissive CORS Misconfiguration
CAPTCHA Bypass
GraphQL Info Leak
Session Fixation
WP User Enum