| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972) | CVE-2025-50972 | CWE-138 | Critical |
| ActiveMQ OpenWire RCE (CVE-2023-46604) | CVE-2023-46604 | CWE-502 | Critical |
| Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) | CVE-2024-34102 | CWE-611 | Critical |
| Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236) | CVE-2025-54236 | CWE-20 | Critical |
| Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490) | CVE-2024-51490 | CWE-707 | Critical |
| Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153) | CVE-2020-15153 | CWE-138 | Critical |
| Apache HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-11984) | CVE-2020-11984 | CWE-120 | Critical |
| Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789) | CVE-2003-0789 | | Critical |
| Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700) | CVE-2005-2700 | | Critical |
| Apache HTTP Server CVE-2010-0425 Vulnerability (CVE-2010-0425) | CVE-2010-0425 | | Critical |
| Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476) | CVE-2024-38476 | | Critical |
| Apache HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2026-42535) | CVE-2026-42535 | CWE-668 | Critical |
| Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-28780) | CVE-2026-28780 | CWE-122 | Critical |
| Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048) | CVE-2025-23048 | CWE-284 | Critical |
| Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167) | CVE-2017-3167 | CWE-287 | Critical |
| Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312) | CVE-2018-1312 | CWE-287 | Critical |
| Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474) | CVE-2024-38474 | CWE-116 | Critical |
| Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38475) | CVE-2024-38475 | CWE-116 | Critical |
| Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766) | CVE-2001-0766 | CWE-178 | Critical |
| Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788) | CVE-2017-9788 | CWE-20 | Critical |
| Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7679) | CVE-2017-7679 | CWE-119 | Critical |
| Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-36760) | CVE-2022-36760 | | Critical |
| Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-25690) | CVE-2023-25690 | | Critical |
| Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2022-31813) | CVE-2022-31813 | CWE-345 | Critical |
| Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721) | CVE-2022-22721 | CWE-190 | Critical |
| Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615) | CVE-2022-28615 | CWE-190 | Critical |
| Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169) | CVE-2017-3169 | CWE-476 | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-0067) | CVE-1999-0067 | | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-0926) | CVE-1999-0926 | | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-1199) | CVE-1999-1199 | | Critical |
| Apache HTTP Server Other Vulnerability (CVE-1999-1293) | CVE-1999-1293 | | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2021-42013) | CVE-2021-42013 | | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691) | CVE-2021-26691 | CWE-787 | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275) | CVE-2021-39275 | CWE-787 | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943) | CVE-2022-23943 | CWE-787 | Critical |
| Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | Critical |
| Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082) | CVE-2019-10082 | CWE-416 | Critical |
| Apache HTTP Server Use After Free Vulnerability (CVE-2026-29167) | CVE-2026-29167 | CWE-416 | Critical |
| Apache Log4j2 JNDI Remote Code Execution | CVE-2021-44228 | CWE-78 | Critical |
| Apache Log4j2 JNDI Remote Code Execution (404 page handler) | CVE-2021-44228 | CWE-78 | Critical |
| Apache Log4j2 JNDI Remote Code Execution (delayed) | CVE-2021-44228 | CWE-78 | Critical |
| Apache Log4j2 JNDI Remote Code Execution (per folder) | CVE-2021-44228 | CWE-78 | Critical |
| Apache Log4j socket receiver deserialization vulnerability | CVE-2017-5645 | CWE-502 | Critical |
| Apache OFBiz Authentication Bypass (CVE-2023-51467) | CVE-2023-51467 | CWE-287 | Critical |
| Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) | CVE-2024-32113, CVE-2024-36104, CVE-2024-38856 | CWE-22 | Critical |
| Apache OFBiz RCE (CVE-2024-45195) | CVE-2024-45195 | CWE-425 | Critical |
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| Apache Struts2 remote code execution vulnerability | CVE-2016-0785 | CWE-78 | Critical |
| Apache Struts2 Remote Command Execution (S2-053) | CVE-2017-12611 | CWE-94 | Critical |
| Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) | CVE-2024-53677, CVE-2023-50164 | CWE-434 | Critical |
| Apache Tika XXE via PDF XFA Content (CVE-2025-66516) | CVE-2025-66516 | CWE-611 | Critical |
| Apache Tomcat CVE-2016-8735 Vulnerability (CVE-2016-8735) | CVE-2016-8735 | | Critical |
| Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651) | CVE-2017-5651 | | Critical |
| Apache Tomcat DEPRECATED: Authentication Bypass Issues Vulnerability (CVE-2026-43512) | CVE-2026-43512 | CWE-592 | Critical |
| Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648) | CVE-2017-5648 | CWE-668 | Critical |
| Apache Tomcat Improper Authentication Vulnerability (CVE-2026-29145) | CVE-2026-29145 | CWE-287 | Critical |
| Apache Tomcat Improper Authorization Vulnerability (CVE-2026-43515) | CVE-2026-43515 | CWE-285 | Critical |
| Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2025-66614) | CVE-2025-66614 | CWE-295 | Critical |
| Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316) | CVE-2024-52316 | CWE-754 | Critical |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651) | CVE-2025-31651 | CWE-116 | Critical |
| Apache Tomcat Improper Input Validation Vulnerability (CVE-2026-41293) | CVE-2026-41293 | CWE-20 | Critical |
| Apache Tomcat Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-55754) | CVE-2025-55754 | CWE-150 | Critical |
| Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014) | CVE-2018-8014 | CWE-1188 | Critical |
| Apache Tomcat Other Vulnerability (CVE-2020-1938) | CVE-2020-1938 | | Critical |
| Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-50379) | CVE-2024-50379 | CWE-367 | Critical |
| Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813) | CVE-2025-24813 | CWE-706 | Critical |
| Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082) | CVE-2021-43082 | CWE-120 | Critical |
| Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525) | CVE-2014-3525 | | Critical |
| Apache Traffic Server CVE-2015-5168 Vulnerability (CVE-2015-5168) | CVE-2015-5168 | | Critical |
| Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206) | CVE-2015-5206 | | Critical |
| Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624) | CVE-2014-3624 | CWE-284 | Critical |
| Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3249) | CVE-2015-3249 | CWE-119 | Critical |
| Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-33934) | CVE-2023-33934 | | Critical |
| Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17559) | CVE-2019-17559 | CWE-444 | Critical |