Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005) CVE-2024-42005 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-53908) CVE-2024-53908 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-59681) CVE-2025-59681 CWE-138 CWE-138 Critical Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-64459) CVE-2025-64459 CWE-138 CWE-138 Critical Django Missing Authorization Vulnerability (CVE-2026-4277) CVE-2026-4277 CWE-862 CWE-862 Critical Django Resource Management Errors Vulnerability (CVE-2014-0474) CVE-2014-0474 Critical Django SQL Injection via _connector parameter (CVE-2025-64459) CVE-2025-64459 CWE-89 CWE-89 Critical Django Use of Hard-coded Credentials Vulnerability (CVE-2016-9013) CVE-2016-9013 CWE-798 CWE-798 Critical Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844) CVE-2019-19844 CWE-640 CWE-640 Critical Dojo Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450) CVE-2021-23450 CWE-1321 CWE-1321 Critical Dolibarr Improper Authentication Vulnerability (CVE-2020-7995) CVE-2020-7995 CWE-287 CWE-287 Critical Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-25357) CVE-2018-25357 CWE-94 CWE-94 Critical Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816) CVE-2021-33816 CWE-94 CWE-94 Critical Dolibarr Improper Input Validation Vulnerability (CVE-2013-2093) CVE-2013-2093 CWE-20 CWE-20 Critical Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212) CVE-2019-19212 CWE-707 CWE-707 Critical Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955) CVE-2021-25955 CWE-707 CWE-707 Critical Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38888) CVE-2023-38888 CWE-707 CWE-707 Critical Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-23500) CVE-2026-23500 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2091) CVE-2013-2091 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7886) CVE-2017-7886 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435) CVE-2017-9435 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14238) CVE-2017-14238 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14242) CVE-2017-14242 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17897) CVE-2017-17897 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17899) CVE-2017-17899 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900) CVE-2017-17900 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019) CVE-2018-9019 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094) CVE-2018-10094 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13447) CVE-2018-13447 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13448) CVE-2018-13448 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13449) CVE-2018-13449 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450) CVE-2018-13450 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809) CVE-2018-16809 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25710) CVE-2019-25710 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224) CVE-2022-0224 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-4093) CVE-2022-4093 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5314) CVE-2024-5314 CWE-138 CWE-138 Critical Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5315) CVE-2024-5315 CWE-138 CWE-138 Critical Dolibarr Improper Privilege Management Vulnerability (CVE-2022-43138) CVE-2022-43138 CWE-269 CWE-269 Critical Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888) CVE-2017-7888 CWE-326 CWE-326 Critical Dolibarr Incorrect Default Permissions Vulnerability (CVE-2022-40871) CVE-2022-40871 CWE-276 CWE-276 Critical Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167) CVE-2008-3167 CWE-94 CWE-94 Critical DOMPurify Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2024-48910) CVE-2024-48910 CWE-1321 CWE-1321 Critical Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232) CVE-2008-3232 CWE-94 CWE-94 Critical Dotclear Other Vulnerability (CVE-2005-3957) CVE-2005-3957 Critical Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-6754) CVE-2020-6754 CWE-22 CWE-22 Critical Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355) CVE-2016-2355 CWE-138 CWE-138 Critical Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902) CVE-2016-8902 CWE-138 CWE-138 Critical Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344) CVE-2017-5344 CWE-138 CWE-138 Critical Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-11165) CVE-2025-11165 CWE-138 CWE-138 Critical Dot CMS Other Vulnerability (CVE-2022-26352) CVE-2022-26352 Critical Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138) CVE-2020-19138 CWE-434 CWE-434 Critical Drupal Configuration Vulnerability (CVE-2008-6171) CVE-2008-6171 Critical Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352) CVE-2009-3352 Critical Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925) CVE-2017-6925 Critical Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602) CVE-2018-7602 Critical Drupal CVE-2020-13665 Vulnerability (CVE-2020-13665) CVE-2020-13665 Critical Drupal Data Processing Errors Vulnerability (CVE-2017-6920) CVE-2017-6920 Critical Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636) CVE-2024-55636 CWE-502 CWE-502 Critical Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55637) CVE-2024-55637 CWE-502 CWE-502 Critical Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55638) CVE-2024-55638 CWE-502 CWE-502 Critical Drupal Improper Input Validation Vulnerability (CVE-2018-7600) CVE-2018-7600 CWE-20 CWE-20 Critical Drupal Improper Input Validation Vulnerability (CVE-2019-6339) CVE-2019-6339 CWE-20 CWE-20 Critical Drupal Improper Input Validation Vulnerability (CVE-2019-6342) CVE-2019-6342 CWE-20 CWE-20 Critical Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831) CVE-2019-11831 CWE-22 CWE-22 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2715) CVE-2011-2715 CWE-138 CWE-138 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910) CVE-2019-10910 CWE-138 CWE-138 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-9082) CVE-2026-9082 CWE-138 CWE-138 Critical Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675) CVE-2020-13675 CWE-434 CWE-434 Critical e107 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-1989) CVE-2008-1989 CWE-94 CWE-94 Critical Elgg Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2936) CVE-2011-2936 CWE-138 CWE-138 Critical Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806) CVE-2024-45806 CWE-639 CWE-639 Critical Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802) CVE-2019-18802 Critical Envoy Proxy CVE-2023-27487 Vulnerability (CVE-2023-27487) CVE-2023-27487 Critical Envoy Proxy CVE-2023-27488 Vulnerability (CVE-2023-27488) CVE-2023-27488 Critical 1...3456...22 4 / 22