Excessive trust in client-side controls

High-level logic vulnerability

Inconsistent security controls

Flawed enforcement of business rules

Low-level logic flaw

Inconsistent handling of exceptional input

Weak isolation on dual-use endpoint

Insufficient workflow validation

Authentication bypass via flawed state machine