Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Owasp Api Bfla Owasp Api Bola Owasp Api Broken Auth Owasp Api Broken Object Prop Auth Owasp Api Dos Owasp Api Improper Inventory Management Owasp Api Misconfiguration Owasp Api Ssrf Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Unauthenticated OGNL injection in Confluence Server and Data Center CVE-2021-26084 CWE-917 CWE-917 High Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527) CVE-2023-22527 CWE-917 CWE-917 Critical Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051) CWE-78 CWE-78 High Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618 CVE-2020-7961 CWE-78 CWE-78 High Unauthenticated remote code execution vulnerability in Confluence Server and Data Center CVE-2022-26134 CWE-917 CWE-917 High Unauthorized Access to a web app installer CWE-200 CWE-200 Medium Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium Uncontrolled format string CWE-134 CWE-134 High Underscore.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-23358) CVE-2021-23358 CWE-94 CWE-94 High Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597) CVE-2021-3597 CWE-362 CWE-362 Medium Undertow CVE-2022-1259 Vulnerability (CVE-2022-1259) CVE-2022-1259 High Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764) CVE-2022-2764 Medium Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492) CVE-2022-4492 Critical Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223) CVE-2023-3223 High Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859) CVE-2021-3859 CWE-668 CWE-668 High Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745) CVE-2020-1745 CWE-200 CWE-200 Critical Undertow Improper Input Validation Vulnerability (CVE-2020-1757) CVE-2020-1757 CWE-20 CWE-20 High Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816) CVE-2014-7816 CWE-22 CWE-22 Medium Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067) CVE-2018-1067 CWE-113 CWE-113 Medium Undertow Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-10705) CVE-2020-10705 CWE-119 CWE-119 High Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559) CVE-2017-7559 CWE-444 CWE-444 Medium Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165) CVE-2017-12165 CWE-444 CWE-444 High Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687) CVE-2020-10687 CWE-444 CWE-444 Medium Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719) CVE-2020-10719 CWE-444 CWE-444 Medium Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220) CVE-2021-20220 CWE-444 CWE-444 Medium Undertow Incorrect Authorization Vulnerability (CVE-2017-12196) CVE-2017-12196 CWE-863 CWE-863 Medium Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888) CVE-2019-3888 CWE-532 CWE-532 Critical Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212) CVE-2019-10212 CWE-532 CWE-532 Critical Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670) CVE-2017-2670 CWE-835 CWE-835 High Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108) CVE-2023-1108 CWE-835 CWE-835 High Undertow Missing Authorization Vulnerability (CVE-2019-10184) CVE-2019-10184 CWE-862 CWE-862 High Undertow Unchecked Return Value Vulnerability (CVE-2022-1319) CVE-2022-1319 CWE-252 CWE-252 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888) CVE-2019-14888 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343) CVE-2019-19343 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629) CVE-2021-3629 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690) CVE-2021-3690 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053) CVE-2022-2053 CWE-400 CWE-400 High Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 CVE-2006-3918 CWE-79 CWE-79 Low Unicode Transformation (Best-Fit Mapping) CWE-176 CWE-176 Medium Unprotected Apache NiFi API interface CWE-287 CWE-287 Medium Unprotected JSON file leaking secrets CWE-200 CWE-200 Medium Unprotected Kong Gateway Admin API interface CWE-287 CWE-287 Medium Unprotected phpMyAdmin interface CWE-205 CWE-205 High Unrestricted access to a monitoring system CWE-200 CWE-200 Low Unrestricted access to AnythingLLM API CVE-2024-6842 CWE-200 CWE-200 Medium Unrestricted access to Apache HugeGraph CWE-200 CWE-200 Critical Unrestricted access to Caddy API interface CWE-200 CWE-200 High Unrestricted access to Haproxy Data Plane API CWE-200 CWE-200 High Unrestricted access to ImageResizer Diagnotics plugin CWE-200 CWE-200 Low Unrestricted access to Kong Gateway API CWE-200 CWE-200 High Unrestricted access to MLflow CWE-200 CWE-200 Medium Unrestricted access to NGINX+ API interface (read only) CWE-200 CWE-200 Medium Unrestricted access to NGINX+ API interface (read write) CWE-200 CWE-200 High Unrestricted access to NGINX+ Dashboard CWE-200 CWE-200 Medium Unrestricted access to NGINX+ Status module CWE-200 CWE-200 Low Unrestricted access to NGINX+ Upstream HTTP interface CWE-200 CWE-200 Medium Unrestricted access to Odoo DB manager CWE-200 CWE-200 High Unrestricted access to Prometheus CWE-200 CWE-200 Low Unrestricted access to Prometheus Metrics CWE-200 CWE-200 Low Unrestricted File Upload CWE-434 CWE-434 High Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140 CWE-434 CWE-434 High Unsafe use of Reflection CWE-470 CWE-470 High Unsafe value for session tracking in WEB-INF/web.xml CWE-16 CWE-16 Medium Unsupported Hash Detected in Content Security Policy (CSP) CWE-16 CWE-16 Informational Unvalidated JWT jku parameter CWE-287 CWE-287 High Unvalidated JWT x5u parameter CWE-287 CWE-287 High Uploadify arbitrary file upload CWE-434 CWE-434 High URL rewrite vulnerability CVE-2018-14773 CWE-436 CWE-436 Medium User-controlled form action CWE-20 CWE-20 Medium User controllable charset CWE-20 CWE-20 Medium User controllable script source CWE-79 CWE-79 High User controllable tag parameter CWE-79 CWE-79 Medium uWSGI Path Traversal vulnerability CVE-2018-7490 CWE-22 CWE-22 High uWSGI Unauthorized Access Vulnerability CWE-78 CWE-78 High Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833) CVE-2018-15833 CWE-639 CWE-639 Medium 1...177178179180...307 178 / 307
