Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Kayako Fusion v4.51.1891 - multiple web vulnerabilities CWE-79 CWE-79 High Kentico CMS Deserialization RCE CVE-2019-10068 CWE-502 CWE-502 High Kentico CMS RCE CVE-2017-17736 CVE-2017-17736 CWE-425 CWE-425 High Kentico Staging API Authentication Bypass CVE-2025-2747 CVE-2025-2746 CWE-287 CWE-287 Critical Kentico Staging API publicly accessible CWE-200 CWE-200 Low Keycloak clients-registrations XSS (CVE-2021-20323) CVE-2021-20323 CWE-79 CWE-79 Medium KeyCloak Information Disclosure (CVE-2020-27838) CVE-2020-27838 CWE-287 CWE-287 Medium Keycloak request_uri SSRF (CVE-2020-10770) CVE-2020-10770 CWE-918 CWE-918 Medium Knockout.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14862) CVE-2019-14862 CWE-707 CWE-707 Medium Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306) CVE-2021-27306 CWE-863 CWE-863 High Kong Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487) CVE-2023-44487 CWE-400 CWE-400 High Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064) CVE-2021-36356 CVE-2019-17124 CVE-2021-35064 CWE-434 CWE-434 Critical Laravel debug mode enabled CWE-200 CWE-200 Medium Laravel debug mode enabled (Invicti IAST) CWE-200 CWE-489 CWE-200 CWE-489 Medium Laravel framework weak secret key CWE-693 CWE-693 Medium Laravel Health Monitor open CWE-200 CWE-200 Medium Laravel Horizon open CWE-200 CWE-200 Medium Laravel Ignition Reflected Cross-Site Scripting CWE-80 CWE-80 Medium Laravel Livewire RCE (CVE-2025-54068) CVE-2025-54068 CWE-502 CWE-94 CWE-502 CWE-94 Critical Laravel log file publicly accessible CWE-538 CWE-538 Medium Laravel log viewer local file download (LFD) CVE-2018-8947 CWE-22 CWE-22 High Laravel LogViewer open CWE-200 CWE-200 Medium Laravel Telescope open CWE-200 CWE-200 Medium Laravel Terminal open CWE-200 CWE-200 High LDAP injection CWE-20 CWE-20 High Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143) CVE-2024-25143 CWE-770 CWE-770 Medium Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265) CVE-2024-26265 CWE-770 CWE-770 Medium Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-43762) CVE-2025-43762 CWE-770 CWE-770 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129) CVE-2022-42129 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43782) CVE-2025-43782 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790) CVE-2025-43790 CWE-639 CWE-639 High Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43803) CVE-2025-43803 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43810) CVE-2025-43810 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827) CVE-2025-43827 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62241) CVE-2025-62241 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62242) CVE-2025-62242 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62244) CVE-2025-62244 CWE-639 CWE-639 Medium Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62252) CVE-2025-62252 CWE-639 CWE-639 Medium Liferay DXP Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-62261) CVE-2025-62261 CWE-312 CWE-312 Medium Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980) CVE-2024-8980 CWE-352 CWE-352 Medium Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271) CVE-2024-26271 CWE-352 CWE-352 High Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272) CVE-2024-26272 CWE-352 CWE-352 High Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26273) CVE-2024-26273 CWE-352 CWE-352 High Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-43809) CVE-2025-43809 CWE-352 CWE-352 Medium Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-62245) CVE-2025-62245 CWE-352 CWE-352 Medium Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-62258) CVE-2025-62258 CWE-352 CWE-352 Medium Liferay DXP CVE-2021-29041 Vulnerability (CVE-2021-29041) CVE-2021-29041 Medium Liferay DXP CVE-2021-33330 Vulnerability (CVE-2021-33330) CVE-2021-33330 Medium Liferay DXP CVE-2021-38266 Vulnerability (CVE-2021-38266) CVE-2021-38266 High Liferay DXP CVE-2022-42126 Vulnerability (CVE-2022-42126) CVE-2022-42126 Medium Liferay DXP CVE-2022-45320 Vulnerability (CVE-2022-45320) CVE-2022-45320 Medium Liferay DXP CVE-2024-25148 Vulnerability (CVE-2024-25148) CVE-2024-25148 High Liferay DXP Deserialization of Untrusted Data Vulnerability (CVE-2020-15842) CVE-2020-15842 CWE-502 CWE-502 High Liferay DXP Excessive Iteration Vulnerability (CVE-2024-25144) CVE-2024-25144 CWE-834 CWE-834 Medium Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-42132) CVE-2022-42132 CWE-200 CWE-200 Medium Liferay DXP External Control of System or Configuration Setting Vulnerability (CVE-2025-43792) CVE-2025-43792 CWE-15 CWE-15 Medium Liferay DXP Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-43777) CVE-2025-43777 CWE-209 CWE-209 Medium Liferay DXP Improper Certificate Validation Vulnerability (CVE-2022-42131) CVE-2022-42131 CWE-295 CWE-295 Medium Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-42123) CVE-2022-42123 CWE-22 CWE-22 High Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594) CVE-2025-3594 CWE-22 CWE-22 Critical Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43813) CVE-2025-43813 CWE-22 CWE-22 High Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-62254) CVE-2025-62254 CWE-22 CWE-22 High Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29049) CVE-2021-29049 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263) CVE-2021-38263 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38265) CVE-2021-38265 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38267) CVE-2021-38267 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38269) CVE-2021-38269 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593) CVE-2022-26593 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26596) CVE-2022-26596 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26597) CVE-2022-26597 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978) CVE-2022-28978 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28979) CVE-2022-28979 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28982) CVE-2022-28982 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901) CVE-2022-38901 CWE-707 CWE-707 Medium Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38902) CVE-2022-38902 CWE-707 CWE-707 Medium 1...68697071...327 69 / 327
