Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50190) CVE-2025-50190 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50192) CVE-2025-50192 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-28430) CVE-2026-28430 CWE-138 CWE-138 Critical Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-50199) CVE-2025-50199 CWE-918 CWE-918 Critical Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082) CVE-2019-13082 CWE-434 CWE-434 Critical Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944) CVE-2023-34944 CWE-434 CWE-434 Critical Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707) CVE-2026-33707 CWE-640 CWE-640 Critical ChatGPT-Next-Web SSRF (CVE-2023-49785) CVE-2023-49785 CWE-918 CWE-918 Critical Check Point Gateway Path Traversal (CVE-2024-24919) CVE-2024-24919 CWE-22 CWE-22 Critical Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800) CVE-2019-20800 CWE-787 CWE-787 Critical Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198) CVE-2023-20198 CWE-287 CWE-287 Critical Cisco IOS XE Web UI Implant (CVE-2023-20198) CVE-2023-20198 CWE-912 CWE-912 Critical Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966) CVE-2023-4966 CWE-119 CWE-119 Critical Citrix NetScaler Memory Disclosure 'Citrix Bleed 2' (CVE-2025-5777) CVE-2025-5777 CVE-2025-5349 CWE-457 CWE-457 Critical Citrix NetScaler Memory Overread (CVE-2026-3055) CVE-2026-3055 CWE-125 CWE-125 Critical CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541) CVE-2023-31541 CWE-434 CWE-434 Critical Claroline Other Vulnerability (CVE-2006-0411) CVE-2006-0411 Critical Claroline Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-37159) CVE-2022-37159 CWE-434 CWE-434 Critical Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956) CVE-2024-50623 CVE-2024-55956 CWE-434 CWE-434 Critical ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664) CVE-2018-7664 CWE-138 CWE-138 Critical ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666) CVE-2018-7666 CWE-138 CWE-138 Critical ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040) CVE-2013-10040 CWE-434 CWE-434 Critical ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665) CVE-2018-7665 CWE-434 CWE-434 Critical CloudPanel file-manager Auth bypass (CVE-2023-35885) CVE-2023-35885 CWE-565 CWE-565 Critical Code Evaluation (Apache Struts) S2-016 CVE-2013-2251 CWE-20 CWE-20 Critical Code Evaluation (Apache Struts) S2-045 CVE-2017-5638 CWE-94 CWE-94 Critical Code Evaluation (ASP) CWE-95 CWE-95 Critical Code Evaluation (Perl) CWE-94 CWE-94 Critical Code Evaluation (PHP) CWE-94 CWE-94 Critical Code Evaluation (Python) CWE-95 CWE-95 Critical Code Evaluation (Ruby) CWE-94 CWE-94 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204 CWE-502 CWE-502 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-44353) CVE-2023-44353 CWE-502 CWE-502 Critical Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027) CVE-2013-5027 CWE-269 CWE-269 Critical Command Injection CWE-94 CWE-94 Critical concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) CVE-2021-22958 CWE-918 CWE-918 Critical Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860) CVE-2014-1860 CWE-502 CWE-502 Critical Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558) CVE-2017-16558 CWE-138 CWE-138 Critical Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512) CVE-2019-11512 CWE-138 CWE-138 Critical Contao Key Management Errors Vulnerability (CVE-2019-10643) CVE-2019-10643 Critical Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) CVE-2019-10641 CWE-640 CWE-640 Critical Craft CMS Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-68456) CVE-2025-68456 CWE-770 CWE-770 Critical Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432) CVE-2025-32432 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903) CVE-2021-27903 CWE-94 CWE-94 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892) CVE-2023-41892 CWE-94 CWE-94 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145) CVE-2024-56145 CWE-94 CWE-94 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783) CVE-2026-28783 CWE-94 CWE-94 Critical Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843) CVE-2024-37843 CWE-138 CWE-138 Critical Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697) CVE-2026-28697 CWE-138 CWE-138 Critical Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267) CVE-2026-32267 CWE-863 CWE-863 Critical Craft CMS RCE (CVE-2023-41892) CVE-2023-41892 CWE-94 CWE-94 Critical Craft CMS RCE (CVE-2025-32432) CVE-2025-32432 CWE-470 CWE-470 Critical Craft CMS register_argc_argv RCE (CVE-2024-56145) CVE-2024-56145 CWE-94 CWE-94 Critical Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929) CVE-2019-15929 CWE-640 CWE-640 Critical CrushFTP Authentication Bypass (CVE-2025-2825) CVE-2025-2825 CWE-287 CWE-287 Critical CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035) CVE-2017-14035 CWE-502 CWE-502 Critical CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177) CVE-2023-43177 CWE-913 CWE-913 Critical CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) CVE-2024-4040 CWE-94 CWE-94 Critical CrushFTP Server Other Vulnerability (CVE-2025-31161) CVE-2025-31161 Critical CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) CVE-2025-54309 CWE-420 CWE-420 Critical CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552) CVE-2024-53552 CWE-640 CWE-640 Critical CrushFTP SSTI (CVE-2024-4040) CVE-2024-4040 CWE-94 CWE-94 Critical CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832) CVE-2024-34832 CWE-22 CWE-22 Critical CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716) CVE-2018-20716 CWE-138 CWE-138 Critical CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-34018) CVE-2026-34018 CWE-138 CWE-138 Critical CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (CVE-2025-48703) CVE-2025-48703 CWE-78 CWE-78 Critical CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378) CVE-2024-51567 CVE-2024-51568 CVE-2024-51378 CWE-306 CWE-306 Critical D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272) CVE-2024-3273 CVE-2024-3272 CWE-77 CWE-77 Critical Django Improper Input Validation Vulnerability (CVE-2023-31047) CVE-2023-31047 CWE-20 CWE-20 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14234) CVE-2019-14234 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7471) CVE-2020-7471 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-35042) CVE-2021-35042 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28346) CVE-2022-28346 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28347) CVE-2022-28347 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-34265) CVE-2022-34265 CWE-138 CWE-138 Critical 12345...22 3 / 22