Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799) CVE-2022-23799 Critical Joomla CVE-2026-35223 Vulnerability (CVE-2026-35223) CVE-2026-35223 Critical Joomla CVE-2026-48898 Vulnerability (CVE-2026-48898) CVE-2026-48898 Critical Joomla CVE-2026-48899 Vulnerability (CVE-2026-48899) CVE-2026-48899 Critical Joomla CVE-2026-48902 Vulnerability (CVE-2026-48902) CVE-2026-48902 Critical Joomla CVE-2026-48904 Vulnerability (CVE-2026-48904) CVE-2026-48904 Critical Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743) CVE-2019-7743 CWE-502 CWE-502 Critical Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831) CVE-2019-11831 CWE-502 CWE-502 Critical Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325) CVE-2018-11325 CWE-209 CWE-209 Critical Joomla Improper Access Control Vulnerability (CVE-2016-9836) CVE-2016-9836 CWE-284 CWE-284 Critical Joomla Improper Authentication Vulnerability (CVE-2017-16634) CVE-2017-16634 CWE-287 CWE-287 Critical Joomla Improper Authentication Vulnerability (CVE-2022-23795) CVE-2022-23795 CWE-287 CWE-287 Critical Joomla Improper Input Validation Vulnerability (CVE-2016-8869) CVE-2016-8869 CWE-20 CWE-20 Critical Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10945) CVE-2019-10945 CWE-22 CWE-22 Critical Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-40383) CVE-2026-40383 CWE-22 CWE-22 Critical Joomla Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2016-10033) CVE-2016-10033 CWE-707 CWE-707 Critical Joomla Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-12765) CVE-2019-12765 CWE-1236 CWE-1236 Critical Joomla Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-10045) CVE-2016-10045 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2017-14596) CVE-2017-14596 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-1151) CVE-2011-1151 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-8917) CVE-2017-8917 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6376) CVE-2018-6376 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19846) CVE-2019-19846 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10243) CVE-2020-10243 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-35613) CVE-2020-35613 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23797) CVE-2022-23797 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226) CVE-2025-25226 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35221) CVE-2026-35221 CWE-138 CWE-138 Critical Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35222) CVE-2026-35222 CWE-138 CWE-138 Critical Joomla Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-27185) CVE-2024-27185 Critical Joomla Incorrect Authorization Vulnerability (CVE-2010-1435) CVE-2010-1435 CWE-863 CWE-863 Critical Joomla Other Vulnerability (CVE-2005-3773) CVE-2005-3773 Critical Joomla Other Vulnerability (CVE-2006-0303) CVE-2006-0303 Critical Joomla Other Vulnerability (CVE-2006-1047) CVE-2006-1047 Critical Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225) CVE-2008-3225 CWE-264 CWE-264 Critical Joomla Session Fixation Vulnerability (CVE-2007-4188) CVE-2007-4188 CWE-384 CWE-384 Critical Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-1433) CVE-2010-1433 CWE-434 CWE-434 Critical Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-15882) CVE-2018-15882 CWE-434 CWE-434 Critical Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846) CVE-2023-36845 CVE-2023-36846 CWE-473 CWE-473 Critical Kentico Staging API Authentication Bypass CVE-2025-2747 CVE-2025-2746 CWE-287 CWE-287 Critical Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064) CVE-2021-36356 CVE-2019-17124 CVE-2021-35064 CWE-434 CWE-434 Critical Laravel Livewire RCE (CVE-2025-54068) CVE-2025-54068 CWE-502 CWE-94 CWE-502 CWE-94 Critical Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594) CVE-2025-3594 CWE-22 CWE-22 Critical Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42120) CVE-2022-42120 CWE-138 CWE-138 Critical Liferay DXP Missing Authorization Vulnerability (CVE-2025-43773) CVE-2025-43773 CWE-862 CWE-862 Critical Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766) CVE-2025-43766 CWE-434 CWE-434 Critical Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-7961) CVE-2020-7961 CWE-502 CWE-502 Critical Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594) CVE-2025-3594 CWE-22 CWE-22 Critical Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42120) CVE-2022-42120 CWE-138 CWE-138 Critical Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42122) CVE-2022-42122 CWE-138 CWE-138 Critical Liferay Portal Missing Authorization Vulnerability (CVE-2025-43773) CVE-2025-43773 CWE-862 CWE-862 Critical Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766) CVE-2025-43766 CWE-434 CWE-434 Critical Lighttpd Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2323) CVE-2014-2323 CWE-138 CWE-138 Critical Lighttpd Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-12642) CVE-2025-12642 Critical Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072) CVE-2019-11072 CWE-190 CWE-190 Critical LimeSurvey CVE-2008-2570 Vulnerability (CVE-2008-2570) CVE-2008-2570 Critical LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057) CVE-2018-17057 CWE-502 CWE-502 Critical LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2025-56422) CVE-2025-56422 CWE-502 CWE-502 Critical LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556) CVE-2018-7556 CWE-200 CWE-200 Critical LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9960) CVE-2019-9960 CWE-22 CWE-22 Critical LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-16184) CVE-2019-16184 CWE-1236 CWE-1236 Critical LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25019) CVE-2019-25019 CWE-138 CWE-138 Critical LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-41375) CVE-2025-41375 CWE-138 CWE-138 Critical LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-48008) CVE-2022-48008 CWE-434 CWE-434 Critical LLM Command Injection CWE-78 CWE-78 Critical Lodash Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-4800) CVE-2026-4800 CWE-94 CWE-94 Critical Lodash Other Vulnerability (CVE-2019-10744) CVE-2019-10744 Critical Lucee CF_CLIENT_ RCE CWE-200 CWE-200 Critical Lucee Unset Admin Password CWE-200 CWE-200 Critical Magento CVE-2019-8121 Vulnerability (CVE-2019-8121) CVE-2019-8121 Critical Magento CVE-2019-8136 Vulnerability (CVE-2019-8136) CVE-2019-8136 Critical Magento CVE-2019-8144 Vulnerability (CVE-2019-8144) CVE-2019-8144 Critical Magento CVE-2020-3718 Vulnerability (CVE-2020-3718) CVE-2020-3718 Critical Magento CVE-2020-9579 Vulnerability (CVE-2020-9579) CVE-2020-9579 Critical Magento CVE-2020-9580 Vulnerability (CVE-2020-9580) CVE-2020-9580 Critical 1...6789...22 7 / 22
