Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Telerik Web UI Unrestricted File Upload (CVE-2017-11317) CVE-2017-11317 CWE-78 CWE-78 High Test CGI script leaking environment variables Medium TestRail Information Disclosure (CVE-2021-40875) CVE-2021-40875 CWE-425 CWE-425 Medium Text4shell: Apache Commons Text RCE via insecure interpolation CVE-2022-42889 CWE-94 CWE-94 Critical The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-327 CWE-327 High The FREAK attack CVE-2015-0204 CWE-326 CWE-327 CWE-326 CWE-327 Medium The GHOST Vulnerability CVE-2015-0235 CWE-119 CWE-119 High The Heartbleed Bug CVE-2014-0160 CWE-200 CWE-200 High The POODLE attack (SSLv3 with CBC cipher suites) CVE-2014-3566 CWE-326 CWE-326 Medium ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability CWE-94 CWE-94 High Three.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-28496) CVE-2020-28496 CWE-400 CWE-400 High Tiki Wiki CMS: Arbitrary Code Execution High Tiki Wiki CMS: Arbitrary File Download High Tiki Wiki CMS: Remote Code Execution via Calendar Module High timthumb.php remote code execution CVE-2011-4106 CWE-20 CWE-20 High TimThumb WebShot remote code execution CWE-94 CWE-94 High TinyMCE ajax_create_folder remote code execution vulnerability CWE-94 CWE-94 High TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1010091) CVE-2019-1010091 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12648) CVE-2020-12648 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17480) CVE-2020-17480 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23066) CVE-2020-23066 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23494) CVE-2022-23494 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45818) CVE-2023-45818 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45819) CVE-2023-45819 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-48219) CVE-2023-48219 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21908) CVE-2024-21908 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21910) CVE-2024-21910 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21911) CVE-2024-21911 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29203) CVE-2024-29203 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29881) CVE-2024-29881 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47759) CVE-2026-47759 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47760) CVE-2026-47760 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47761) CVE-2026-47761 CWE-707 CWE-707 Medium TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47762) CVE-2026-47762 CWE-707 CWE-707 Medium TLS/SSL (EC)DHE Key Reuse CWE-327 CWE-327 Informational TLS/SSL certificate key size too small CWE-326 CWE-326 Medium TLS/SSL LOGJAM attack CVE-2015-4000 CWE-326 CWE-326 Medium TLS/SSL Sweet32 attack CVE-2016-2183 CVE-2016-6329 CWE-327 CWE-327 Medium TLS/SSL Weak Cipher Suites CWE-327 CWE-327 Medium Tomcat path traversal via reverse proxy mapping CWE-22 CWE-22 High Tomcat status page CWE-200 CWE-200 Low ToolsPack malware plugin CWE-95 CWE-95 High TorchServe Management API publicly exposed CVE-2023-43654 CWE-200 CWE-200 High TorchServe Management API SSRF (CVE-2023-43654) CVE-2023-43654 CWE-918 CWE-918 Critical Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-52804) CVE-2024-52804 CWE-770 CWE-770 High Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-47287) CVE-2025-47287 CWE-770 CWE-770 High Tornado debug mode CWE-489 CWE-489 Medium Tornado Improper Handling of Invalid Use of Special Elements Vulnerability (CVE-2026-35536) CVE-2026-35536 CWE-159 CWE-159 Medium Tornado Improper Input Validation Vulnerability (CVE-2012-2374) CVE-2012-2374 CWE-20 CWE-20 Medium Tornado Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67724) CVE-2025-67724 CWE-707 CWE-707 Medium Tornado Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-28476) CVE-2020-28476 CWE-444 CWE-444 High Tornado Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2014-9720) CVE-2014-9720 Medium Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67725) CVE-2025-67725 CWE-400 CWE-400 High Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67726) CVE-2025-67726 CWE-400 CWE-400 High Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958) CVE-2026-31958 CWE-400 CWE-400 High Tornado URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-28370) CVE-2023-28370 CWE-601 CWE-601 Medium Tornado weak secret key CWE-693 CWE-693 Medium Total.js Directory Traversal (CVE-2019-8903) CVE-2019-8903 CWE-22 CWE-22 High Trac CVE-2009-4405 Vulnerability (CVE-2009-4405) CVE-2009-4405 High Trace.axd Detected CWE-215 CWE-215 High TRACE Method enabled CWE-489 CWE-489 Low Trac Incorrect Default Permissions Vulnerability (CVE-2010-5108) CVE-2010-5108 CWE-276 CWE-276 High TRACK Method enabled CWE-489 CWE-489 Low Trac URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2008-2951) CVE-2008-2951 CWE-601 CWE-601 Medium Tracy debugging tool enabled CWE-200 CWE-200 Medium Trojan shell script CWE-507 CWE-507 High TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108) CVE-2020-10108 Critical TwistedHTTP Request Splitting Vulnerability (CVE-2020-10109) CVE-2020-10109 Critical Twisted Web HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-21716) CVE-2022-21716 CWE-120 CWE-120 High Twisted Web HTTP Server Direct Request ('Forced Browsing') Vulnerability (CVE-2016-1000111) CVE-2016-1000111 CWE-425 CWE-425 Medium Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21712) CVE-2022-21712 CWE-200 CWE-200 High Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2014-7143) CVE-2014-7143 CWE-295 CWE-295 High Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2019-12855) CVE-2019-12855 CWE-295 CWE-295 High Twisted Web HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39348) CVE-2022-39348 CWE-707 CWE-707 Medium Twisted Web HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-12387) CVE-2019-12387 CWE-138 CWE-138 Medium 1...192193194195...327 193 / 327
