The classic injection bug classes that still pay in 2026. SQLi and XXE cheatsheets as the foundation, then two real-world cases: Code Injection in ingress-nginx and Argument Injection in Weblate.
