| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) | CVE-2020-9496, CVE-2023-49070 | CWE-502 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache Shiro authentication bypass | CVE-2020-17523 | CWE-287 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Apache solr service exposed | | CWE-200 | High |
| Apache Spark Master Unauthorized Access Vulnerability | | CWE-200 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0112, CVE-2014-0113, CVE-2014-0114 | CWE-701 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) | CVE-2014-0094, CVE-2014-0050 | CWE-701 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Apache Struts Remote Code Execution (S2-057) | CVE-2018-11776 | CWE-917 | High |
| Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) | CVE-2021-27850 | CWE-200 | High |
| Apache Tapestry weak secret key | | CWE-693 | High |
| Apache Tomcat 7PK - Errors Vulnerability (CVE-2016-8745) | CVE-2016-8745 | | High |
| Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493) | CVE-2002-0493 | | High |
| Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-38286) | CVE-2024-38286 | CWE-770 | High |
| Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-48988) | CVE-2025-48988 | CWE-770 | High |
| Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-41284) | CVE-2026-41284 | CWE-770 | High |
| Apache Tomcat Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-49125) | CVE-2025-49125 | CWE-288 | High |
| Apache Tomcat Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2025-52434) | CVE-2025-52434 | CWE-362 | High |
| Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548) | CVE-2009-3548 | | High |
| Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5351) | CVE-2015-5351 | CWE-352 | High |
| Apache Tomcat CVE-2020-0822 Vulnerability (CVE-2020-0822) | CVE-2020-0822 | | High |
| Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885) | CVE-2022-29885 | | High |
| Apache Tomcat CVE-2023-34981 Vulnerability (CVE-2023-34981) | CVE-2023-34981 | | High |
| Apache Tomcat CVE-2023-44487 Vulnerability (CVE-2023-44487) | CVE-2023-44487 | | High |
| Apache Tomcat CVE-2024-24549 Vulnerability (CVE-2024-24549) | CVE-2024-24549 | | High |
| Apache Tomcat CVE-2026-24734 Vulnerability (CVE-2026-24734) | CVE-2026-24734 | | High |
| Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484) | CVE-2020-9484 | CWE-502 | High |
| Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2021-25329) | CVE-2021-25329 | CWE-502 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4836) | CVE-2005-4836 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8747) | CVE-2016-8747 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647) | CVE-2017-5647 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12616) | CVE-2017-12616 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-17527) | CVE-2020-17527 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-25122) | CVE-2021-25122 | CWE-200 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-42498) | CVE-2026-42498 | CWE-200 | High |
| Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146) | CVE-2026-29146 | CWE-209 | High |
| Apache Tomcat Improper Access Control Vulnerability (CVE-2016-5388) | CVE-2016-5388 | CWE-284 | High |
| Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2018-8034) | CVE-2018-8034 | CWE-295 | High |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143) | CVE-2022-45143 | CWE-116 | High |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2026-34483) | CVE-2026-34483 | CWE-116 | High |
| Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2025-46701) | CVE-2025-46701 | CWE-178 | High |
| Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2026-43513) | CVE-2026-43513 | CWE-178 | High |
| Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664) | CVE-2017-5664 | CWE-755 | High |
| Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639) | CVE-2021-30639 | CWE-755 | High |
| Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185) | CVE-2013-2185 | CWE-20 | High |
| Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-1240) | CVE-2016-1240 | CWE-20 | High |
| Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-3092) | CVE-2016-3092 | CWE-20 | High |
| Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-6816) | CVE-2016-6816 | CWE-20 | High |
| Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-7675) | CVE-2017-7675 | CWE-22 | High |
| Apache Tomcat Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-9774) | CVE-2016-9774 | CWE-59 | High |
| Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072) | CVE-2019-10072 | CWE-667 | High |
| Apache Tomcat Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-0232) | CVE-2019-0232 | CWE-138 | High |
| Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650) | CVE-2017-5650 | CWE-404 | High |
| Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762) | CVE-2022-25762 | CWE-404 | High |
| Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-48989) | CVE-2025-48989 | CWE-404 | High |
| Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2002-2272) | CVE-2002-2272 | CWE-119 | High |
| Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6817) | CVE-2016-6817 | CWE-119 | High |
| Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-13934) | CVE-2020-13934 | CWE-119 | High |
| Apache Tomcat Incomplete Cleanup Vulnerability (CVE-2025-31650) | CVE-2025-31650 | CWE-459 | High |
| Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-42252) | CVE-2022-42252 | | High |
| Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46589) | CVE-2023-46589 | | High |
| Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-24880) | CVE-2026-24880 | | High |
| Apache Tomcat Incorrect Authorization Vulnerability (CVE-2016-6797) | CVE-2016-6797 | CWE-863 | High |
| Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022) | CVE-2020-8022 | CWE-276 | High |
| Apache Tomcat Information Disclosure | CVE-2017-7674, CVE-2017-12616 | CWE-200 | High |
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-798 | High |
| Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487) | CVE-2026-34487 | CWE-532 | High |
| Apache Tomcat Insufficiently Protected Credentials Vulnerability (CVE-2019-12418) | CVE-2019-12418 | CWE-522 | High |
| Apache Tomcat Integer Overflow or Wraparound Vulnerability (CVE-2015-8751) | CVE-2015-8751 | CWE-190 | High |