Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329) CVE-2019-14329 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330) CVE-2019-14330 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331) CVE-2019-14331 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349) CVE-2019-14349 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350) CVE-2019-14350 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546) CVE-2019-14546 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547) CVE-2019-14547 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548) CVE-2019-14548 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549) CVE-2019-14549 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550) CVE-2019-14550 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539) CVE-2021-3539 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59428) CVE-2025-59428 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2026-33657) CVE-2026-33657 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2025-32390) CVE-2025-32390 CWE-138 CWE-138 High EspoCRM Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2025-52575) CVE-2025-52575 CWE-138 CWE-138 Medium EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351) CVE-2019-14351 CWE-307 CWE-307 High EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385) CVE-2025-32385 CWE-1021 CWE-1021 Medium EspoCRM Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-52892) CVE-2025-52892 Medium EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986) CVE-2014-7986 CWE-264 CWE-264 Medium EspoCRM Relative Path Traversal Vulnerability (CVE-2026-33733) CVE-2026-33733 CWE-23 CWE-23 High EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736) CVE-2023-46736 CWE-918 CWE-918 Medium EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-33534) CVE-2026-33534 CWE-918 CWE-918 Medium EspoCRM Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-33659) CVE-2026-33659 CWE-367 CWE-367 Low EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843) CVE-2022-38843 CWE-434 CWE-434 High EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965) CVE-2023-5965 CWE-434 CWE-434 High EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966) CVE-2023-5966 CWE-434 CWE-434 High EspoCRM URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-24818) CVE-2024-24818 CWE-601 CWE-601 Medium Express cookie-session weak secret key CWE-693 CWE-693 Medium Express Development Mode enabled CWE-200 CWE-200 Medium Express express-session weak secret key CWE-693 CWE-693 Informational Expression language injection CWE-917 CWE-917 High ExpressJs Local File Read via the layout parameter CWE-22 CWE-22 High Ext JS arbitrary file read CWE-22 CWE-22 High Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046) CVE-2018-8046 CWE-707 CWE-707 Medium Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758) CVE-2007-6758 CWE-918 CWE-918 High F5 BIG-IP Cookie Information Disclosure CWE-200 CWE-200 Low F5 BIG-IP Request Smuggling (CVE-2023-46747) CVE-2023-46747 CWE-288 CWE-288 Critical F5 BIG-IP Traffic Management User Interface (TMUI) RCE CVE-2020-5902 CWE-78 CWE-78 High F5 iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986 CWE-78 CWE-78 High Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699) CVE-2012-0699 CWE-352 CWE-352 High Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-3419) CVE-2010-3419 CWE-94 CWE-94 High Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130) CVE-2011-5130 CWE-94 CWE-94 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2901) CVE-2008-2901 CWE-138 CWE-138 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010) CVE-2009-2010 CWE-138 CWE-138 Medium Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338) CVE-2007-4338 CWE-264 CWE-264 Critical fancybox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1494) CVE-2015-1494 CWE-707 CWE-707 Medium FastAdmin Path Traversal (CVE-2024-7928) CVE-2024-7928 CWE-22 CWE-22 High FastCGI Unauthorized Access Vulnerability CWE-78 CWE-78 High FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 CWE-22 Medium FCKeditor spellchecker.php cross site scripting vulnerability CVE-2012-4000 CWE-79 CWE-79 High File Content Disclosure in Action View CVE-2019-5418 CWE-200 CWE-200 High File creation via HTTP method PUT CWE-669 CWE-669 High File tampering CWE-20 CWE-20 Medium File Upload Functionality Detected Informational File upload XSS (Java applet) CWE-79 CWE-79 High Firebase database accessible without authentication CWE-200 CWE-200 Medium Flask debug mode CWE-489 CWE-489 High Flask weak secret key CWE-693 CWE-693 Medium Flex BlazeDS AMF Deserialization RCE CVE-2017-5641 CWE-502 CWE-502 High Flowise Authentication Bypass (CVE-2024-31621) CVE-2024-31621 CWE-287 CWE-287 Critical FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621) CVE-2011-3621 Critical FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574) CVE-2014-9574 CWE-22 CWE-22 Critical FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240) CVE-2020-35240 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677) CVE-2021-43677 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110) CVE-2025-44110 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029) CVE-2014-10029 CWE-138 CWE-138 High FluxBB Other Vulnerability (CVE-2014-10030) CVE-2014-10030 Medium FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873) CVE-2020-28873 CWE-916 CWE-916 High ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464 CWE-502 CWE-502 High ForgeRock OpenAM Deserialization RCE (CVE-2021-29156) CVE-2021-29156 CWE-74 CWE-502 CWE-74 CWE-502 High Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) CVE-2018-13379 CWE-22 CWE-22 High Fortinet Authentication bypass on administrative interface CVE-2022-40684 CWE-288 CWE-288 High Fortinet FortiNAC RCE via arbitrary file upload CVE-2022-39952 CWE-73 CWE-73 High Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762) CVE-2024-21762 CWE-787 CWE-787 Critical FortiWeb Authentication Bypass (CVE-2025-64446) CVE-2025-64446 CVE-2025-58034 CWE-23 CWE-23 Critical 1...41424344...327 42 / 327
