A race condition occurs when multiple processes access and manipulate the same data concurrently, and the outcome of the execution depends on the particular order in which the access takes place.
A race condition is of interest to a hacker when the race condition can be utilized to gain privileged system access.

Computers are deterministic and are therefore predictable. Computers cannot, in and of themselves, generate truly random numbers. In the absence of outside input, computers can only create pseudo-random numbers.

A SQL injection vulnerability can occur when a poorly-written program uses user-provided data in a database query without first validating the input. This is most-often found within web pages with dynamic content.

To understand what a format string vulnerability is, you first need to know what a format string is. A format string is a way of telling the C compiler how it should format numbers when it prints them.
Format Strings in C
In the C programming language there are a number of functions which accept a format string as an argument.

An integer overflow, or integer wrapping, is a potential problem in a program based upon the fact that the value that can be held in a numeric datatype is limited by the data type’s size in bytes.

The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.
Source code security vulnerabilities will vary between languages and platforms.