| WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
| WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113162 | MySQLjs SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113634 | Server-Side Inclusion Injection | Web Application | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
| WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113337 | NoSQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.98113 | XML External Entity | Web Application | Injection | OWASP |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113069 | SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113309 | XPath Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
| WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
| WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
| WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
| WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
| WAS.98120 | Code Injection | Web Application | Injection | OWASP |
| T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
| WAS.113331 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
