Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359 CVE-2023-26360 CWE-502 CWE-502 High ColdFusion directory traversal CVE-2010-2861 CWE-22 CWE-22 High ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091 CWE-502 CWE-502 High ColdFusion JNDI injection RCE CVE-2018-15957 CWE-502 CWE-502 High ColdFusion PMS Arbitrary File Read (CVE-2024-20767) CVE-2024-20767 CWE-284 CWE-284 High ColdFusion User-Agent cross-site scripting CVE-2007-0817 CWE-79 CWE-79 High Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269) CVE-2010-4269 CWE-138 CWE-138 High Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258) CVE-2015-0258 CWE-434 CWE-434 High concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724) CVE-2015-4724 CWE-138 CWE-138 High concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790) CVE-2018-13790 CWE-918 CWE-918 High concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476) CVE-2020-11476 CWE-434 CWE-434 High concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986) CVE-2020-24986 CWE-434 CWE-434 High Configuration file disclosure CWE-538 CWE-538 High Configuration file source code disclosure CWE-538 CWE-538 High Confluence Widget Connector SSTI CVE-2019-3396 CWE-22 CWE-22 High Consul API publicly exposed CWE-200 CWE-200 High Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642) CVE-2019-10642 CWE-352 CWE-352 High Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626) CVE-2021-37626 CWE-94 CWE-94 High Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993) CVE-2017-10993 CWE-22 CWE-22 High Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383) CVE-2012-4383 CWE-138 CWE-138 High Contao Improper Privilege Management Vulnerability (CVE-2021-37627) CVE-2021-37627 CWE-269 CWE-269 High Contao Insufficient Session Expiration Vulnerability (CVE-2024-30262) CVE-2024-30262 CWE-613 CWE-613 High Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745) CVE-2019-19745 CWE-434 CWE-434 High Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398) CVE-2024-45398 CWE-434 CWE-434 High Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481) CVE-2008-3481 CWE-94 CWE-94 High Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486) CVE-2008-3486 CWE-22 CWE-22 High Coppermine Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53868) CVE-2023-53868 CWE-434 CWE-434 High Core dump file CWE-200 CWE-200 High CouchDB REST API publicly accessible CWE-285 CWE-285 High Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497) CVE-2026-25497 CWE-639 CWE-639 High Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696) CVE-2026-28696 CWE-639 CWE-639 High Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622) CVE-2024-21622 High Craft CMS Improper Authentication Vulnerability (CVE-2024-41800) CVE-2024-41800 CWE-287 CWE-287 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30130) CVE-2023-30130 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179) CVE-2023-30179 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209) CVE-2025-23209 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-54417) CVE-2025-54417 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857) CVE-2026-31857 CWE-94 CWE-94 High Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291) CVE-2024-52291 CWE-22 CWE-22 High Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293) CVE-2024-52293 CWE-22 CWE-22 High Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824) CVE-2021-41824 CWE-1236 CWE-1236 High Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757) CVE-2020-9757 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679) CVE-2023-32679 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260) CVE-2023-36260 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035) CVE-2023-40035 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495) CVE-2026-25495 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858) CVE-2026-31858 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-46731) CVE-2025-46731 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-57811) CVE-2025-57811 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-68454) CVE-2025-68454 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695) CVE-2026-28695 CWE-138 CWE-138 High Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784) CVE-2026-28784 CWE-138 CWE-138 High Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465) CVE-2018-20465 CWE-311 CWE-311 High Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783) CVE-2022-37783 CWE-311 CWE-311 High Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814) CVE-2018-3814 CWE-434 CWE-434 High Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2025-68455) CVE-2025-68455 CWE-470 CWE-470 High Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498) CVE-2026-25498 CWE-470 CWE-470 High Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32263) CVE-2026-32263 CWE-470 CWE-470 High Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32264) CVE-2026-32264 CWE-470 CWE-470 High Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-33157) CVE-2026-33157 CWE-470 CWE-470 High Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933) CVE-2022-29933 CWE-640 CWE-640 High CRMEB SQL Injection (CVE-2024-36837) CVE-2024-36837 CWE-89 CWE-89 High Cross-site Scripting CWE-79 CWE-79 High Cross-site Scripting (DOM based) CWE-79 CWE-79 High Cross-site Scripting via File Upload CWE-79 CWE-79 High Cross-site Scripting via Remote File Inclusion CWE-79 CWE-79 High Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-4563 CWE-80 CWE-80 High Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) CVE-2012-5920 CWE-80 CWE-80 High Cross site scripting (XSS) in ASP.NET via ResolveUrl CWE-79 CWE-79 High Cross site scripting in HTTP-01 ACME challenge implementation CWE-79 CWE-79 High Cross site scripting via Bootstrap CWE-79 CWE-79 High CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130) CVE-2023-38130 CWE-352 CWE-352 High CubeCart Improper Input Validation Vulnerability (CVE-2013-1465) CVE-2013-1465 CWE-20 CWE-20 High CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675) CVE-2023-47675 CWE-138 CWE-138 High CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-21719) CVE-2026-21719 CWE-138 CWE-138 High 1...78910...176 8 / 176
