| Vulnerability Name | CVE | Severity |
| --- | --- | --- |
| Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220) | CVE-2021-20220 | |
| Undertow Incorrect Authorization Vulnerability (CVE-2017-12196) | CVE-2017-12196 | |
| Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888) | CVE-2019-3888 | |
| Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212) | CVE-2019-10212 | |
| Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670) | CVE-2017-2670 | |
| Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108) | CVE-2023-1108 | |
| Undertow Missing Authorization Vulnerability (CVE-2019-10184) | CVE-2019-10184 | |
| Undertow Unchecked Return Value Vulnerability (CVE-2022-1319) | CVE-2022-1319 | |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888) | CVE-2019-14888 | |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343) | CVE-2019-19343 | |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629) | CVE-2021-3629 | |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690) | CVE-2021-3690 | |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053) | CVE-2022-2053 | |
| Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 | CVE-2006-3918 | |
| Unicode Transformation (Best-Fit Mapping) | | |
| Unprotected Apache NiFi API interface | | |
| Unprotected JSON file leaking secrets | | |
| Unprotected Kong Gateway Admin API interface | | |
| Unprotected phpMyAdmin interface | | |
| Unrestricted access to a monitoring system | | |
| Unrestricted access to AnythingLLM API | CVE-2024-6842 | |
| Unrestricted access to Apache HugeGraph | | |
| Unrestricted access to Caddy API interface | | |
| Unrestricted access to Haproxy Data Plane API | | |
| Unrestricted access to ImageResizer Diagnostics plugin | | |
| Unrestricted access to Kong Gateway API | | |
| Unrestricted access to MLflow | | |
| Unrestricted access to NGINX+ API interface (read only) | | |
| Unrestricted access to NGINX+ API interface (read write) | | |
| Unrestricted access to NGINX+ Dashboard | | |
| Unrestricted access to NGINX+ Status module | | |
| Unrestricted access to NGINX+ Upstream HTTP interface | | |
| Unrestricted access to Odoo DB manager | | |
| Unrestricted access to Prometheus | | |
| Unrestricted access to Prometheus Metrics | | |
| Unrestricted File Upload | | |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | |
| Unsafe use of Reflection | | |
| Unsafe value for session tracking in WEB-INF/web.xml | | |
| Unsupported Hash Detected in Content Security Policy (CSP) | | |
| Unvalidated JWT jku parameter | | |
| Unvalidated JWT x5u parameter | | |
| Uploadify arbitrary file upload | | |
| URL rewrite vulnerability | CVE-2018-14773 | |
| User-controlled form action | | |
| User controllable charset | | |
| User controllable script source | | |
| User controllable tag parameter | | |
| uWSGI Path Traversal vulnerability | CVE-2018-7490 | |
| uWSGI Unauthorized Access Vulnerability | | |
| Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833) | CVE-2018-15833 | |
| Vanilla Forums Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000432) | CVE-2017-1000432 | |
| Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528) | CVE-2013-3528 | |
| Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499) | CVE-2018-19499 | |
| Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3613) | CVE-2011-3613 | |
| Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812) | CVE-2011-3812 | |
| Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10073) | CVE-2016-10073 | |
| Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903) | CVE-2018-18903 | |
| Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908) | CVE-2011-0908 | |
| Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9889) | CVE-2019-9889 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526) | CVE-2011-0526 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909) | CVE-2011-0909 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009) | CVE-2011-1009 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685) | CVE-2014-9685 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571) | CVE-2018-17571 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279) | CVE-2019-8279 | |
| Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825) | CVE-2020-8825 | |
| Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527) | CVE-2013-3527 | |
| Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410) | CVE-2018-16410 | |
| Vanilla Forums Other Vulnerability (CVE-2011-0910) | CVE-2011-0910 | |
| Vanilla Forums Other Vulnerability (CVE-2011-3614) | CVE-2011-3614 | |
| Vanilla Forums Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4954) | CVE-2012-4954 | |
| Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484) | CVE-2013-4484 | |
| Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8807) | CVE-2017-8807 | |
| Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425) | CVE-2017-12425 | |