| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5078) | CVE-2010-5078 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5087) | CVE-2010-5087 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5089) | CVE-2010-5089 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5090) | CVE-2010-5090 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5093) | CVE-2010-5093 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5094) | CVE-2010-5094 | CWE-264 | Medium |
| silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4961) | CVE-2011-4961 | CWE-264 | Medium |
| silverstripeCMS Session Fixation Vulnerability (CVE-2019-12203) | CVE-2019-12203 | CWE-384 | Medium |
| silverstripeCMS Session Fixation Vulnerability (CVE-2022-24444) | CVE-2022-24444 | CWE-384 | Medium |
| silverstripeCMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-9280) | CVE-2020-9280 | CWE-434 | High |
| SimpleHelp Path Traversal (CVE-2024-57727) | CVE-2024-57727, CVE-2024-57726, CVE-2024-57728 | CWE-22 | High |
| Sitecore Arbitrary File Read (CVE-2024-46938) | CVE-2024-46938 | CWE-200 | High |
| Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) | CVE-2025-27218 | CWE-502 | Critical |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Sitecore XP TemplateParser RCE (CVE-2023-35813) | CVE-2023-35813 | CWE-94 | Critical |
| Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742) | CVE-2026-23742 | CWE-94 | High |
| Skipper Incorrect Authorization Vulnerability (CVE-2022-34296) | CVE-2022-34296 | CWE-863 | High |
| Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580) | CVE-2022-38580 | CWE-918 | Critical |
| Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470) | CVE-2026-24470 | CWE-441 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| SmarterTools SmarterMail Admin Password Reset (CVE-2026-23760) | CVE-2026-23760 | CWE-288 | Critical |
| Snoop Servlet information disclosure | | CWE-200 | Low |
| SOAP WS-Addressing SSRF | | CWE-918 | Medium |
| SolarWinds Orion API Auth bypass (CVE-2020-10148) | CVE-2020-10148 | CWE-287 | High |
| SolarWinds Serv-U Directory Traversal (CVE-2024-28995) | CVE-2024-28995 | CWE-22 | High |
| SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987) | CVE-2024-28987 | CWE-798 | Critical |
| SolarWinds Web Help Desk RCE (CVE-2024-28986) | CVE-2024-28986 | CWE-502 | Critical |
| SonarQube default credentials | | CWE-798 | High |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | CVE-2021-20042 | CWE-441 | Medium |
| SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit | | CWE-78 | High |
| Source Code Disclosure | | CWE-538 | Medium |
| Source Code Disclosure (Node.js) | | CWE-540 | Medium |
| Source Code Disclosure (Python) | | CWE-540 | Medium |
| spring-boot-actuator-logview Path Traversal | CVE-2021-21234 | CWE-22 | High |
| Spring Boot Actuator | | CWE-489 | Medium |
| Spring Boot Actuator v2 | | CWE-489 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | | CWE-749 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | | CWE-749 | Medium |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | | CWE-200 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | | CWE-312 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | | CWE-200, CWE-489 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | | CWE-200 | Medium |
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | | CWE-312 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | | CWE-613 | Medium |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | | CWE-749 | Low |
| Spring Boot Misconfiguration: Unsafe value for session tracking | | CWE-200, CWE-598 | Medium |
| Spring Boot Whitelabel Error Page SpEL | | CWE-94 | High |
| Spring Cloud Gateway Improper Certificate Validation Vulnerability (CVE-2022-22946) | CVE-2022-22946 | CWE-295 | Medium |
| Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2022-22947) | CVE-2022-22947 | CWE-138 | Critical |
| Spring Cloud Gateway Incorrect Authorization Vulnerability (CVE-2021-22051) | CVE-2021-22051 | CWE-863 | Medium |
| Spring Data REST RCE via PATCH requests | CVE-2017-8046 | CWE-94 | High |
| Spring Misconfiguration: HTML Escaping disabled | | CWE-116 | Medium |
| Spring Security Authentication Bypass | CVE-2016-5007 | CWE-287 | High |
| SQL Injection | | CWE-89 | Critical |
| SQL Injection (stylesheet.php) (CMS Made Simple) | CVE-2007-2473 | CWE-89 | High |
| SQL Injection in Symphony | CVE-2013-2559 | CWE-89 | High |
| SQL injection in the authentication header | | CWE-89 | Critical |
| Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717) | CVE-2015-3717 | CWE-120 | High |
| Sqlite CVE-2015-5895 Vulnerability (CVE-2015-5895) | CVE-2015-5895 | | Critical |
| Sqlite CVE-2019-19244 Vulnerability (CVE-2019-19244) | CVE-2019-19244 | | High |
| Sqlite CVE-2019-19603 Vulnerability (CVE-2019-19603) | CVE-2019-19603 | | High |
| Sqlite CVE-2020-13631 Vulnerability (CVE-2020-13631) | CVE-2020-13631 | | Medium |
| Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223) | CVE-2021-20223 | | Critical |
| Sqlite CVE-2021-36690 Vulnerability (CVE-2021-36690) | CVE-2021-36690 | | High |
| Sqlite CVE-2023-36191 Vulnerability (CVE-2023-36191) | CVE-2023-36191 | | Medium |
| SQLite Database File Found | | CWE-538 | Medium |
| Sqlite Divide By Zero Vulnerability (CVE-2019-16168) | CVE-2019-16168 | CWE-369 | Medium |
| Sqlite Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-19646) | CVE-2019-19646 | CWE-754 | Critical |
| Sqlite Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability (CVE-2025-70873) | CVE-2025-70873 | CWE-244 | High |
| Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924) | CVE-2019-19924 | CWE-755 | Medium |
| Sqlite Improper Initialization Vulnerability (CVE-2020-11655) | CVE-2020-11655 | CWE-665 | High |
| Sqlite Improper Input Validation Vulnerability (CVE-2016-6153) | CVE-2016-6153 | CWE-20 | Medium |
| Sqlite Improper Input Validation Vulnerability (CVE-2017-13685) | CVE-2017-13685 | CWE-20 | Medium |
| Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590) | CVE-2008-6590 | CWE-22 | Medium |
| Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6592) | CVE-2008-6592 | CWE-22 | High |