Vulnerability Name CVE Severity
Atlassian OAuth Plugin IconUriServlet SSRF CVE-2017-9506
ATutor Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1583) CVE-2015-1583
ATutor Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-2539) CVE-2016-2539
ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10400) CVE-2016-10400
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446) CVE-2019-11446
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169) CVE-2019-12169
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170) CVE-2019-12170
ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498) CVE-2021-43498
Authentication bypass via MongoDB operator injection
Auxiliary systems SSRF
axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-1214) CVE-2022-1214
axios Improper Input Validation Vulnerability (CVE-2019-10742) CVE-2019-10742
axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749) CVE-2021-3749
b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479) CVE-2016-9479
b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480) CVE-2017-5480
b2evolution Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-28242) CVE-2021-28242
b2evolution Other Vulnerability (CVE-2006-6417) CVE-2006-6417
b2evolution Other Vulnerability (CVE-2007-2358) CVE-2007-2358
b2evolution Other Vulnerability (CVE-2007-2681) CVE-2007-2681
Barracuda networks products multiple directory traversal vulnerabilities
Bazaar repository found
Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27116) CVE-2021-27116
Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27117) CVE-2021-27117
BigIP iRule Tcl code injection
BillQuick Web Suite SQL injection (CVE-2021-42258) CVE-2021-42258
Blind XSS
Bonita Authorization Bypass (CVE-2022-25237) CVE-2022-25237
BottlePy weak secret key
BuddyPress REST API Privilege Escalation CVE-2021-21389
Caddy Web Server Out-of-bounds Read Vulnerability (CVE-2022-34037) CVE-2022-34037
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379) CVE-2015-8379
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35239) CVE-2020-35239
CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458) CVE-2019-11458
CakePHP Improper Input Validation Vulnerability (CVE-2010-4335) CVE-2010-4335
CakePHP Improper Input Validation Vulnerability (CVE-2016-4793) CVE-2016-4793
Case-Insensitive Routing Bypass in Express.js Application
Certificate is Signed Using a Weak Signature Algorithm
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-23127) CVE-2020-23127
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-40662) CVE-2021-40662
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427) CVE-2022-27427
Chamilo Improper Input Validation Vulnerability (CVE-2012-4030) CVE-2012-4030
Chamilo Improper Input Validation Vulnerability (CVE-2021-31933) CVE-2021-31933
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35413) CVE-2021-35413
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20329) CVE-2018-20329
Chamilo Improper Privilege Management Vulnerability (CVE-2022-27421) CVE-2022-27421
Chamilo Other Vulnerability (CVE-2023-34962) CVE-2023-34962
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27426) CVE-2022-27426
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-40407) CVE-2022-40407
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029) CVE-2022-42029
Chart.js Improper Input Validation Vulnerability (CVE-2020-7746) CVE-2020-7746
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392
Cherokee Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20798) CVE-2019-20798
Cherokee Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-20799) CVE-2019-20799
Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845) CVE-2020-12845
CherryPy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0252) CVE-2008-0252
Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296) CVE-2018-0296
Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability CVE-2018-15440
Citrix ADC/Gateway Unauthenticated Remote Code Execution CVE-2019-19781
Citrix Gateway Open Redirect and XSS
Citrix XenMobile Server Path Traversal CVE-2020-8209
CKEditor 4.0.1 cross-site scripting vulnerability
CKEditor Other Vulnerability (CVE-2022-24729) CVE-2022-24729
Claroline Other Vulnerability (CVE-2005-1375) CVE-2005-1375
Claroline Other Vulnerability (CVE-2005-1376) CVE-2005-1376
Claroline Other Vulnerability (CVE-2005-1377) CVE-2005-1377
Claroline Other Vulnerability (CVE-2006-1594) CVE-2006-1594
Claroline Other Vulnerability (CVE-2006-1596) CVE-2006-1596
Claroline Other Vulnerability (CVE-2006-5256) CVE-2006-5256
Claroline Other Vulnerability (CVE-2006-7048) CVE-2006-7048
Client-Side Prototype Pollution
Client Side Template Injection
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5849) CVE-2012-5849
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6643) CVE-2012-6643