Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Apache 2.x version older than 2.2.10 CVE-2008-2939 CVE-2010-2791 CWE-79 CWE-79 Low Apache Axis2 web services enumeration CWE-200 CWE-200 Low Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4415) CVE-2011-4415 CWE-20 CWE-20 Low Apache HTTP Server Improper Input Validation Vulnerability (CVE-2012-0021) CVE-2012-0021 CWE-20 CWE-20 Low Apache HTTP Server Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2001-0131) CVE-2001-0131 CWE-59 CWE-59 Low Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1581) CVE-2003-1581 CWE-707 CWE-707 Low Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6421) CVE-2007-6421 CWE-707 CWE-707 Low Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2687) CVE-2012-2687 CWE-707 CWE-707 Low Apache HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2008-0456) CVE-2008-0456 CWE-138 CWE-138 Low Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2009-3094) CVE-2009-3094 CWE-476 CWE-476 Low Apache HTTP Server Other Vulnerability (CVE-2002-1233) CVE-2002-1233 Low Apache HTTP Server Other Vulnerability (CVE-2004-1387) CVE-2004-1387 Low Apache HTTP Server Other Vulnerability (CVE-2004-1834) CVE-2004-1834 Low Apache HTTP Server Other Vulnerability (CVE-2007-1742) CVE-2007-1742 Low Apache HTTP Server Session Fixation Vulnerability (CVE-2001-1534) CVE-2001-1534 CWE-384 CWE-384 Low Apache mod_negotiation filename bruteforcing CWE-538 CWE-538 Low Apache Solr endpoint CWE-200 CWE-200 Low Apache stronghold-info enabled CWE-200 CWE-200 Low Apache stronghold-status enabled CWE-200 CWE-200 Low Apache Tomcat Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-43980) CVE-2021-43980 CWE-362 CWE-362 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164) CVE-2005-3164 CWE-200 CWE-200 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-4308) CVE-2008-4308 CWE-200 CWE-200 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5519) CVE-2008-5519 CWE-200 CWE-200 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1157) CVE-2010-1157 CWE-200 CWE-200 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2204) CVE-2011-2204 CWE-200 CWE-200 Low Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2071) CVE-2013-2071 CWE-200 CWE-200 Low Apache Tomcat hello.jsp XSS CVE-2007-1355 CWE-79 CWE-79 Low Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-5461) CVE-2007-5461 CWE-22 CWE-22 Low Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-1358) CVE-2007-1358 CWE-707 CWE-707 Low Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-2450) CVE-2007-2450 CWE-707 CWE-707 Low Apache Tomcat Other Vulnerability (CVE-2007-1858) CVE-2007-1858 Low Apache Tomcat Other Vulnerability (CVE-2010-3718) CVE-2010-3718 Low Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346) CVE-2013-0346 CWE-264 CWE-264 Low Apache Tomcat Resource Management Errors Vulnerability (CVE-2012-4534) CVE-2012-4534 Low Apache Tomcat version older than 6.0.6 CVE-2007-1358 CWE-79 CWE-79 Low Apache version up to 1.3.33 htpasswd local overflow CVE-2006-1078 CWE-119 CWE-119 Low Arbitrary File Read on Nuxt.js Development Server CWE-200 CWE-200 Low Artifactory Incorrect Default Permissions Vulnerability (CVE-2021-46270) CVE-2021-46270 CWE-276 CWE-276 Low ASP.NET debugging enabled CWE-11 CWE-11 Low ASP.NET error message CWE-12 CWE-12 Low ASP.NET path disclosure CWE-200 CWE-200 Low ASP.NET ViewStateUserKey Is Not Set CWE-642 CWE-642 Low Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071) CVE-2021-26071 CWE-352 CWE-352 Low Atlassian Jira CVE-2021-26076 Vulnerability (CVE-2021-26076) CVE-2021-26076 Low Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8481) CVE-2015-8481 CWE-200 CWE-200 Low Atlassian Jira Manage Filters information disclosure CWE-200 CWE-200 Low Atlassian Jira Other Vulnerability (CVE-2006-3338) CVE-2006-3338 Low ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0971) CVE-2010-0971 CWE-707 CWE-707 Low ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2091) CVE-2014-2091 CWE-707 CWE-707 Low Broken Link Hijacking CWE-610 CWE-610 Low Caddy Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19148) CVE-2018-19148 CWE-200 CWE-200 Low Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-39061) CVE-2023-39061 CWE-352 CWE-352 Low Cherokee Cryptographic Issues Vulnerability (CVE-2011-2190) CVE-2011-2190 Low Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4753) CVE-2013-4753 CWE-707 CWE-707 Low Clickjacking: CSP frame-ancestors missing CWE-1021 CWE-1021 Low ColdFusion administrator login page publicly available CWE-200 CWE-200 Low ColdFusion path disclosures CWE-200 CWE-200 Low ColdFusion RDS Service enabled CWE-200 CWE-200 Low Composer installed.json publicly accessible CWE-200 CWE-200 Low concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111) CVE-2021-3111 CWE-707 CWE-707 Low Cookies Not Marked as HttpOnly CWE-1004 CWE-1004 Low Cookies Not Marked as Secure CWE-614 CWE-614 Low Cookies with missing, inconsistent or contradictory properties CWE-284 CWE-284 Low Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921) CVE-2015-3921 Low Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1613) CVE-2012-1613 CWE-707 CWE-707 Low Cross site scripting (requiring unencoded quote) CWE-79 CWE-79 Low Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2513) CVE-2016-2513 CWE-200 CWE-200 Low Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0483) CVE-2014-0483 CWE-264 CWE-264 Low Documentation files CWE-538 CWE-538 Low Dotclear Other Vulnerability (CVE-2007-3688) CVE-2007-3688 Low Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903) CVE-2016-7903 CWE-264 CWE-264 Low Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-3972) CVE-2016-3972 CWE-22 CWE-22 Low Drupal Core Open Redirect CWE-601 CWE-601 Low Drupal Improper Access Control Vulnerability (CVE-2015-2559) CVE-2015-2559 CWE-284 CWE-284 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5621) CVE-2007-5621 CWE-707 CWE-707 Low 12345...11 1 / 11
