diff --git a/1_injection_and_broken_auth.py b/1_injection_and_broken_auth.py
new file mode 100644
index 00000000..5d39c061
--- /dev/null
+++ b/1_injection_and_broken_auth.py
@@ -0,0 +1,22 @@
+# Vulnerability 1: SQL Injection
+import sqlite3
+
+def get_user_data(username):
+ conn = sqlite3.connect('example.db')
+ cursor = conn.cursor()
+ query = f"SELECT * FROM users WHERE username = '{username}'"
+ cursor.execute(query)
+ return cursor.fetchall()
+
+# Vulnerability 2: Broken Authentication
+users = {"admin": "password123"}
+
+def login(username, password):
+ if username in users and users[username] == password:
+ return "Login successful!"
+ else:
+ return "Login failed!"
+
+# Example usage
+print(get_user_data("admin' OR '1'='1"))
+print(login("admin", "password123"))
\ No newline at end of file
diff --git a/2_sensitive_data_exposure_and_xxe.py b/2_sensitive_data_exposure_and_xxe.py
new file mode 100644
index 00000000..d32a5bbf
--- /dev/null
+++ b/2_sensitive_data_exposure_and_xxe.py
@@ -0,0 +1,24 @@
+# Vulnerability 3: Sensitive Data Exposure
+import json
+
+def save_user_data(user_data):
+ with open('user_data.json', 'w') as file:
+ json.dump(user_data, file)
+
+# Vulnerability 4: XML External Entities (XXE)
+import xml.etree.ElementTree as ET
+
+def parse_xml(xml_string):
+ root = ET.fromstring(xml_string)
+ return root
+
+# Example usage
+user_data = {"username": "admin", "password": "password123"}
+save_user_data(user_data)
+
+xml_data = """
+
+]>
+&xxe;"""
+print(parse_xml(xml_data))
\ No newline at end of file
diff --git a/3_broken_access_control_and_security_misconfiguration.py b/3_broken_access_control_and_security_misconfiguration.py
new file mode 100644
index 00000000..cabe68e1
--- /dev/null
+++ b/3_broken_access_control_and_security_misconfiguration.py
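Review bot: `get_user_data` in 1_injection_and_broken_auth.py builds its query with an f-string around `username`, so the value is parsed as SQL instead of being bound as data, and the connection it opens is never closed. If the file is kept as a teaching sample, a comment beside the query should show the bound form, `cursor.execute("SELECT * FROM users WHERE username = ?", (username,))`, so the fix sits next to the flaw. `login` compares a hard-coded plaintext password with `==`; a comment there should say that real code stores a salted hash and compares with `hmac.compare_digest`. The two `print(...)` calls at the bottom run on import and belong under `if __name__ == "__main__":`.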
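Review bot: The label `# Vulnerability 4: XML External Entities (XXE)` in 2_sensitive_data_exposure_and_xxe.py does not match what `parse_xml` does: `xml.etree.ElementTree` does not expand external entities and raises `ParseError` on an entity reference it cannot resolve, so the example call would be expected to fail rather than demonstrate XXE (the `xml_data` literal also looks truncated as shown here). A comment such as `# ElementTree does not resolve external entities; for untrusted XML use defusedxml.ElementTree.fromstring` would state the actual risk and the safe parser. `save_user_data` writes the `password` field to `user_data.json` in clear text; its docstring should say that secrets are hashed or dropped before serialising.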
@@ -0,0 +1,21 @@
+# Vulnerability 5: Broken Access Control
+def get_admin_data(user_role):
+ if user_role == "admin":
+ return "Sensitive admin data"
+ else:
+ return "Access denied"
+
+# Vulnerability 6: Security Misconfiguration
+from flask import Flask
+
+app = Flask(__name__)
+
+@app.route('/')
+def home():
+ return "Welcome to the home page!"
+
+# Example usage
+print(get_admin_data("user"))
+
+if __name__ == "__main__":
+ app.run(debug=True) # Debug mode should not be used in production
\ No newline at end of file
diff --git a/4_ xss_and_insecure_deserialization.py b/4_ xss_and_insecure_deserialization.py
new file mode 100644
index 00000000..27337404
--- /dev/null
+++ b/4_ xss_and_insecure_deserialization.py
@@ -0,0 +1,23 @@
+# Vulnerability 7: Cross-Site Scripting (XSS)
+from flask import Flask, request
+
+app = Flask(__name__)
+
+@app.route('/greet')
+def greet():
+ name = request.args.get('name', 'Guest')
+ return f"Hello, {name}!"
+
+# Vulnerability 8: Insecure Deserialization
+import pickle
+
+def deserialize_data(data):
+ return pickle.loads(data)
+
+# Example usage
+if __name__ == "__main__":
+ app.run()
+
+# Example of insecure deserialization
+malicious_data = b"cos\nsystem\n(S'echo vulnerable'\ntR."
+print(deserialize_data(malicious_data))
\ No newline at end of file
diff --git a/5_ using_components_with_known_vulnerabilities_and_insufficient_logging.py b/5_ using_components_with_known_vulnerabilities_and_insufficient_logging.py
new file mode 100644
index 00000000..c5f8f881
--- /dev/null
+++ b/5_ using_components_with_known_vulnerabilities_and_insufficient_logging.py
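Review bot: `app.run(debug=True)` in 3_broken_access_control_and_security_misconfiguration.py is hard-coded even though its own trailing comment says debug mode must not be used in production; debug mode enables the Werkzeug debugger, which offers an interactive Python console in the browser. Reading the flag from the environment, for example `app.run(debug=os.environ.get("FLASK_DEBUG") == "1")` with `import os`, keeps the default off. `get_admin_data` compares the role correctly as written, so it needs a docstring saying where the weakness lies: `user_role` is whatever the caller passes and must come from a server-side session, not from request input. `print(get_admin_data("user"))` runs at import time and should move under the `__main__` guard.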
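Review bot: The last two lines of 4_ xss_and_insecure_deserialization.py call `deserialize_data(malicious_data)` at module level, outside the `if __name__ == "__main__":` block, so merely importing the file unpickles a payload that runs a shell command (`echo vulnerable` as written); the demonstration should sit inside the guard, before `app.run()`. `deserialize_data` needs a comment such as `# pickle.loads runs code chosen by whoever produced the bytes; never call it on untrusted data, use json instead`. In `greet`, `name` is returned in an HTML response without escaping; `return f"Hello, {escape(name)}!"` with `from markupsafe import escape` closes that.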
@@ -0,0 +1,19 @@
+# Vulnerability 9: Using Components with Known Vulnerabilities
+import requests
+
+def fetch_data(url):
+ response = requests.get(url)
+ return response.text
+
+# Vulnerability 10: Insufficient Logging & Monitoring
+def process_data(data):
+ try:
+ # Process data
+ pass
+ except Exception as e:
+ # Insufficient logging
+ print("An error occurred")
+
+# Example usage
+print(fetch_data("http://example.com"))
+process_data("some data")
\ No newline at end of file
diff --git a/report.txt b/report.txt
new file mode 100644
index 00000000..a36145c6
--- /dev/null
+++ b/report.txt
@@ -0,0 +1 @@
+Mon Dec 15 03:24:10 UTC 2025
diff --git a/test.py b/test.py
index 2d5eb989..1c6f6696 100644
--- a/test.py
+++ b/test.py
@@ -1,9 +1,9 @@ import sqlite3 +import pickle from flask import Flask, request, render_template_string app = Flask(__name__) -# SQL Injection Vulnerability @app.route('/login') def login(): username = request.args.get('username')
@@ -12,7 +12,6 @@ def login(): conn = sqlite3.connect('users.db') cursor = conn.cursor() - # Vulnerable query (susceptible to SQL Injection) query = "SELECT * FROM users WHERE username='" + username + "' AND password='" + password + "'" cursor.execute(query) user = cursor.fetchone()
@@ -24,13 +23,17 @@ def login(): else: return "Invalid credentials." -# Cross-Site Scripting (XSS) Vulnerability @app.route('/search') def search(): query = request.args.get('query') - - # Vulnerable code (XSS) return render_template_string('
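Review bot: `requests.get(url)` in `fetch_data` has no `timeout`, so an unresponsive server blocks the caller indefinitely, and the status code is never checked; `response = requests.get(url, timeout=10)` followed by `response.raise_for_status()` covers both. The heading "Using Components with Known Vulnerabilities" is not backed by anything in the file, since no version of `requests` is pinned or named, so a comment should say which dependency pin the sample is about. In `process_data` the `except` block binds `e` and then discards it; `logging.exception("process_data failed")` would record the traceback instead of the fixed `print("An error occurred")`.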

Search results for: {{ query }}

', query=query) +@app.route('/load') +def load(): + data = request.args.get('data') + obj = pickle.loads(data.encode()) + return f"Loaded object: {obj}" + + if __name__ == '__main__': app.run(debug=True) \ No newline at end of file
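Review bot: The new `/load` route passes the `data` query parameter straight to `pickle.loads`, and unpickling runs code selected by whoever supplied the bytes, so any client that can reach this endpoint decides what the server executes. A missing parameter also makes `data.encode()` raise `AttributeError` on `None`. If the route only has to carry plain values, parse them with `json.loads`, reject bad input and escape the echoed result, as sketched below; this needs `import json` in place of the `import pickle` added in the first hunk, plus `from markupsafe import escape`. The earlier hunks of this file delete the comments that marked the concatenated SQL in `login` as injectable without changing that query, which leaves the flaw in place and unlabelled.

```python
@app.route('/load')
def load():
    data = request.args.get('data')
    if data is None:
        return "Missing 'data' parameter.", 400
    try:
        # json.loads only builds plain values; it never runs code from the input
        obj = json.loads(data)
    except ValueError:
        return "Invalid 'data' parameter.", 400
    return f"Loaded object: {escape(obj)}"
```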