Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25497) CVE-2019-25497 CWE-138 CWE-138 High osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-6579) CVE-2023-6579 CWE-138 CWE-138 Critical osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360) CVE-2020-23360 CWE-697 CWE-697 Critical osCommerce Other Vulnerability (CVE-2003-1219) CVE-2003-1219 Medium osCommerce Other Vulnerability (CVE-2004-2021) CVE-2004-2021 Medium osCommerce Other Vulnerability (CVE-2004-2638) CVE-2004-2638 High osCommerce Other Vulnerability (CVE-2005-1951) CVE-2005-1951 Medium osCommerce Other Vulnerability (CVE-2006-5190) CVE-2006-5190 Medium osCommerce Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-18572) CVE-2018-18572 CWE-434 CWE-434 High OSGi Management Console Default Credentials CWE-521 CWE-521 High osTicket CVE-2018-7195 Vulnerability (CVE-2018-7195) CVE-2018-7195 High osTicket Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-4634) CVE-2010-4634 CWE-22 CWE-22 Medium osTicket Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-14749) CVE-2019-14749 CWE-1236 CWE-1236 High osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0606) CVE-2010-0606 CWE-707 CWE-707 Low osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4744) CVE-2014-4744 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1176) CVE-2015-1176 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1347) CVE-2015-1347 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15362) CVE-2017-15362 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7192) CVE-2018-7192 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7193) CVE-2018-7193 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7196) CVE-2018-7196 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11537) CVE-2019-11537 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13397) CVE-2019-13397 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14748) CVE-2019-14748 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14750) CVE-2019-14750 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12629) CVE-2020-12629 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14012) CVE-2020-14012 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16193) CVE-2020-16193 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22608) CVE-2020-22608 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22609) CVE-2020-22609 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24917) CVE-2020-24917 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-4271) CVE-2022-4271 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-32074) CVE-2022-32074 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1315) CVE-2023-1315 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1316) CVE-2023-1316 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1317) CVE-2023-1317 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1318) CVE-2023-1318 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1319) CVE-2023-1319 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1320) CVE-2023-1320 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27148) CVE-2023-27148 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27149) CVE-2023-27149 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46967) CVE-2023-46967 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45387) CVE-2025-45387 CWE-707 CWE-707 Medium osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-22200) CVE-2026-22200 CWE-138 CWE-138 High osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-0605) CVE-2010-0605 CWE-138 CWE-138 High osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14396) CVE-2017-14396 CWE-138 CWE-138 Critical osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-42235) CVE-2021-42235 CWE-138 CWE-138 Critical osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-45811) CVE-2021-45811 CWE-138 CWE-138 Medium osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26241) CVE-2025-26241 CWE-138 CWE-138 Medium osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082) CVE-2023-30082 CWE-1284 CWE-1284 High osTicket Integer Overflow or Wraparound Vulnerability (CVE-2018-7194) CVE-2018-7194 CWE-190 CWE-190 Medium osTicket Observable Discrepancy Vulnerability (CVE-2026-26895) CVE-2026-26895 CWE-203 CWE-203 Medium osTicket Other Vulnerability (CVE-2005-1436) CVE-2005-1436 Medium osTicket Other Vulnerability (CVE-2005-1438) CVE-2005-1438 High osTicket Other Vulnerability (CVE-2005-1439) CVE-2005-1439 High osTicket Other Vulnerability (CVE-2006-5407) CVE-2006-5407 High osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881) CVE-2020-24881 CWE-918 CWE-918 Critical osTicket Session Fixation Vulnerability (CVE-2022-31888) CVE-2022-31888 CWE-384 CWE-384 High osTicket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-15580) CVE-2017-15580 CWE-434 CWE-434 Critical Outdated JavaScript libraries CWE-1395 CWE-1395 Informational Overly long session timeout in servlet configuration CWE-613 CWE-613 Medium ownCloud Credentials Management Errors Vulnerability (CVE-2012-5607) CVE-2012-5607 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397) CVE-2012-2397 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4391) CVE-2012-4391 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393) CVE-2012-4393 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4753) CVE-2012-4753 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0299) CVE-2013-0299 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0300) CVE-2013-0300 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0301) CVE-2013-0301 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2050) CVE-2014-2050 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3836) CVE-2014-3836 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9041) CVE-2014-9041 CWE-352 CWE-352 Medium ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28644) CVE-2020-28644 CWE-352 CWE-352 Medium Owncloud Cross-site Scripting (XSS) Vulnerability (CVE-2020-16255) CVE-2020-16255 Medium ownCloud Cryptographic Issues Vulnerability (CVE-2013-1941) CVE-2013-1941 Medium 1...142143144145...327 143 / 327
