Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Atlassian Jira Other Vulnerability (CVE-2019-14997) CVE-2019-14997 Medium Atlassian Jira Other Vulnerability (CVE-2019-20101) CVE-2019-20101 Medium Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6619) CVE-2007-6619 CWE-264 CWE-264 High Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928) CVE-2012-2928 CWE-264 CWE-264 Medium Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-16865) CVE-2017-16865 CWE-918 CWE-918 Medium Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13404) CVE-2018-13404 CWE-918 CWE-918 Medium Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8451) CVE-2019-8451 CWE-918 CWE-918 Medium Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-20408) CVE-2019-20408 CWE-918 CWE-918 Medium Atlassian JIRA Servicedesk misconfiguration CWE-287 CWE-287 Medium Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400) CVE-2019-20400 CWE-427 CWE-427 High Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20419) CVE-2019-20419 CWE-427 CWE-427 High Atlassian Jira Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-20897) CVE-2019-20897 CWE-434 CWE-434 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401) CVE-2018-13401 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13402) CVE-2018-13402 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11585) CVE-2019-11585 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589) CVE-2019-11589 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20417) CVE-2019-20417 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20901) CVE-2019-20901 CWE-601 CWE-601 Medium Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112) CVE-2021-39112 CWE-601 CWE-601 Medium Atlassian OAuth Plugin IconUriServlet SSRF CVE-2017-9506 CWE-918 CWE-918 High ATutor Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1583) CVE-2015-1583 CWE-352 CWE-352 High ATutor Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-2539) CVE-2016-2539 CWE-352 CWE-352 High ATutor Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3706) CVE-2011-3706 CWE-200 CWE-200 Medium ATutor Improper Authentication Vulnerability (CVE-2014-9753) CVE-2014-9753 CWE-287 CWE-287 Critical ATutor Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3368) CVE-2008-3368 CWE-94 CWE-94 Medium ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10400) CVE-2016-10400 CWE-22 CWE-22 High ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002) CVE-2017-1000002 CWE-22 CWE-22 Critical ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828) CVE-2008-0828 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0971) CVE-2010-0971 CWE-707 CWE-707 Low ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6528) CVE-2012-6528 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2091) CVE-2014-2091 CWE-707 CWE-707 Low ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6521) CVE-2015-6521 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7711) CVE-2015-7711 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483) CVE-2017-6483 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14981) CVE-2017-14981 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7172) CVE-2019-7172 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23341) CVE-2020-23341 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27008) CVE-2023-27008 CWE-707 CWE-707 Medium ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2555) CVE-2016-2555 CWE-138 CWE-138 Critical ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000004) CVE-2017-1000004 CWE-138 CWE-138 Critical ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003) CVE-2017-1000003 CWE-269 CWE-269 Critical ATutor Incorrect Authorization Vulnerability (CVE-2019-16114) CVE-2019-16114 CWE-863 CWE-863 Critical ATutor Other Vulnerability (CVE-2014-9752) CVE-2014-9752 Medium ATutor Other Vulnerability (CVE-2015-7712) CVE-2015-7712 Medium ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446) CVE-2019-11446 CWE-434 CWE-434 High ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169) CVE-2019-12169 CWE-434 CWE-434 High ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170) CVE-2019-12170 CWE-434 CWE-434 High ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498) CVE-2021-43498 CWE-640 CWE-640 High Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) CVE-2023-46805 CWE-287 CWE-287 High Authentication bypass via MongoDB operator injection CWE-943 CWE-943 High Auxiliary systems SSRF CWE-918 CWE-918 High axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-58754) CVE-2025-58754 CWE-770 CWE-770 High axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-42034) CVE-2026-42034 CWE-770 CWE-770 Medium axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-42036) CVE-2026-42036 CWE-770 CWE-770 Medium axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-44488) CVE-2026-44488 CWE-770 CWE-770 High axios Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857) CVE-2023-45857 CWE-352 CWE-352 Medium axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-44486) CVE-2026-44486 CWE-200 CWE-200 High axios Improper Authentication Vulnerability (CVE-2026-42041) CVE-2026-42041 CWE-287 CWE-287 Medium axios Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-25639) CVE-2026-25639 CWE-754 CWE-754 High axios Improper Encoding or Escaping of Output Vulnerability (CVE-2026-42040) CVE-2026-42040 CWE-116 CWE-116 Low axios Improper Input Validation Vulnerability (CVE-2019-10742) CVE-2019-10742 CWE-20 CWE-20 High axios Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-42044) CVE-2026-42044 CWE-915 CWE-915 Critical axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42033) CVE-2026-42033 CWE-1321 CWE-1321 High axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42264) CVE-2026-42264 CWE-1321 CWE-1321 Critical axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-44490) CVE-2026-44490 CWE-1321 CWE-1321 High axios Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2026-42037) CVE-2026-42037 CWE-707 CWE-707 Medium axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-40175) CVE-2026-40175 CWE-707 CWE-707 Medium axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-42035) CVE-2026-42035 CWE-707 CWE-707 High axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-44489) CVE-2026-44489 CWE-707 CWE-707 Medium axios Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2026-44487) CVE-2026-44487 CWE-201 CWE-201 High axios Origin Validation Error Vulnerability (CVE-2024-57965) CVE-2024-57965 CWE-346 CWE-346 Critical axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42042) CVE-2026-42042 CWE-183 CWE-183 Medium axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42043) CVE-2026-42043 CWE-183 CWE-183 Critical axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28168) CVE-2020-28168 CWE-918 CWE-918 Medium axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-39338) CVE-2024-39338 CWE-918 CWE-918 High 1...15161718...329 16 / 329