Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900) CVE-2017-17900 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019) CVE-2018-9019 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094) CVE-2018-10094 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13447) CVE-2018-13447 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13448) CVE-2018-13448 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13449) CVE-2018-13449 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450) CVE-2018-13450 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809) CVE-2018-16809 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224) CVE-2022-0224 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-4093) CVE-2022-4093 CWE-138 CWE-138 Critical Dolibarr Improper Privilege Management Vulnerability (CVE-2022-43138) CVE-2022-43138 CWE-269 CWE-269 Critical Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888) CVE-2017-7888 CWE-326 CWE-326 Critical Dolibarr Incorrect Default Permissions Vulnerability (CVE-2022-40871) CVE-2022-40871 CWE-276 CWE-276 Critical Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167) CVE-2008-3167 CWE-94 CWE-94 Critical Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232) CVE-2008-3232 CWE-94 CWE-94 Critical Dotclear Other Vulnerability (CVE-2005-3957) CVE-2005-3957 Critical Drupal Configuration Vulnerability (CVE-2008-6171) CVE-2008-6171 Critical Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352) CVE-2009-3352 Critical Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925) CVE-2017-6925 Critical Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602) CVE-2018-7602 Critical Drupal CVE-2020-13665 Vulnerability (CVE-2020-13665) CVE-2020-13665 Critical Drupal Data Processing Errors Vulnerability (CVE-2017-6920) CVE-2017-6920 Critical Drupal Improper Input Validation Vulnerability (CVE-2018-7600) CVE-2018-7600 CWE-20 CWE-20 Critical Drupal Improper Input Validation Vulnerability (CVE-2019-6339) CVE-2019-6339 CWE-20 CWE-20 Critical Drupal Improper Input Validation Vulnerability (CVE-2019-6342) CVE-2019-6342 CWE-20 CWE-20 Critical Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831) CVE-2019-11831 CWE-22 CWE-22 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2715) CVE-2011-2715 CWE-138 CWE-138 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910) CVE-2019-10910 CWE-138 CWE-138 Critical Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675) CVE-2020-13675 CWE-434 CWE-434 Critical e107 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-1989) CVE-2008-1989 CWE-94 CWE-94 Critical Elgg Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2936) CVE-2011-2936 CWE-138 CWE-138 Critical Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802) CVE-2019-18802 Critical Envoy Proxy CVE-2023-27487 Vulnerability (CVE-2023-27487) CVE-2023-27487 Critical Envoy Proxy CVE-2023-27488 Vulnerability (CVE-2023-27488) CVE-2023-27488 Critical Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21654) CVE-2022-21654 CWE-295 CWE-295 Critical Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2023-35941) CVE-2023-35941 CWE-116 CWE-116 Critical Envoy Proxy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29492) CVE-2021-29492 CWE-22 CWE-22 Critical Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27491) CVE-2023-27491 Critical Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27493) CVE-2023-27493 Critical Envoy Proxy Missing Authentication for Critical Function Vulnerability (CVE-2022-29226) CVE-2022-29226 CWE-306 CWE-306 Critical Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801) CVE-2019-18801 CWE-787 CWE-787 Critical Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901) CVE-2019-9901 CWE-706 CWE-706 Critical EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7985) CVE-2014-7985 CWE-22 CWE-22 Critical Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338) CVE-2007-4338 CWE-264 CWE-264 Critical FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621) CVE-2011-3621 Critical FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574) CVE-2014-9574 CWE-22 CWE-22 Critical Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117) CVE-2007-5117 CWE-94 CWE-94 Critical Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720) CVE-2019-5720 CWE-138 CWE-138 Critical GhostScript RCE (Remote Code Execution) CVE-2016-3714 CWE-78 CWE-78 Critical GibbonEdu Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-34598) CVE-2023-34598 CWE-22 CWE-22 Critical GlassFish CVE-2011-0807 Vulnerability (CVE-2011-0807) CVE-2011-0807 Critical GlassFish CVE-2016-3607 Vulnerability (CVE-2016-3607) CVE-2016-3607 Critical GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528) CVE-2016-5528 Critical GlassFish Improper Authentication Vulnerability (CVE-2017-1000030) CVE-2017-1000030 CWE-287 CWE-287 Critical GlassFish Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-7182) CVE-2015-7182 CWE-119 CWE-119 Critical GlassFish Use of Hard-coded Credentials Vulnerability (CVE-2018-14324) CVE-2018-14324 CWE-798 CWE-798 Critical Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2023-3128) CVE-2023-3128 CWE-290 CWE-290 Critical Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2022-26148) CVE-2022-26148 CWE-312 CWE-312 Critical Grafana Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2021-41244) CVE-2021-41244 CWE-610 CWE-610 Critical Grafana Improper Authentication Vulnerability (CVE-2018-15727) CVE-2018-15727 CWE-287 CWE-287 Critical Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660) CVE-2022-28660 CWE-306 CWE-306 Critical Grafana Signature Verification Vulnerability (CVE-2020-27846) CVE-2020-27846 Critical Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369) CVE-2021-23369 Critical Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919) CVE-2019-19919 CWE-138 CWE-138 Critical Handlebars Other Vulnerability (CVE-2021-23383) CVE-2021-23383 Critical IBMHttpServer CVE-2012-5955 Vulnerability (CVE-2012-5955) CVE-2012-5955 Critical IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947) CVE-2015-4947 CWE-119 CWE-119 Critical IBMHttpServer Other Vulnerability (CVE-2004-0492) CVE-2004-0492 Critical IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722) CVE-2018-1722 Critical IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-3028) CVE-2016-3028 CWE-138 CWE-138 Critical IBM WebSEAL Missing Authorization Vulnerability (CVE-2020-4499) CVE-2020-4499 CWE-862 CWE-862 Critical Improper Authorization in Confluence Server and Data Center (CVE-2023-22518) CVE-2023-22518 CWE-284 CWE-284 Critical Internet Information Services Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2009-3023) CVE-2009-3023 CWE-120 CWE-120 Critical Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075) CVE-2008-0075 CWE-94 CWE-94 Critical Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0874) CVE-1999-0874 CWE-119 CWE-119 Critical 12345...17 3 / 17
