Severity High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Stack Trace Disclosure (Ruby) CWE-209 CWE-209 Low Stack Trace Disclosure (Tomcat) CWE-209 CWE-209 Low Symfony debug mode enabled CWE-200 CWE-200 Low Symfony ESI (Edge-Side Includes) enabled CWE-16 CWE-16 Low TLS/SSL certificate about to expire CWE-298 CWE-298 Low Tomcat status page CWE-200 CWE-200 Low TRACE method is enabled CWE-489 CWE-489 Low TRACK method is enabled CWE-489 CWE-489 Low Typo3 debug mode enabled CWE-200 CWE-200 Low Typo3 sensitive files CWE-200 CWE-200 Low Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 CVE-2006-3918 CWE-79 CWE-79 Low Unrestricted access to a monitoring system CWE-200 CWE-200 Low Unrestricted access to ImageResizer Diagnotics plugin CWE-200 CWE-200 Low Unrestricted access to NGINX+ Status module CWE-200 CWE-200 Low Unrestricted access to Prometheus CWE-200 CWE-200 Low Unrestricted access to Prometheus Metrics CWE-200 CWE-200 Low Vulnerable package dependencies [low] CWE-1104 CWE-1104 Low WebDAV enabled CWE-16 CWE-16 Low Web Server Cache Poisoning (CMS Made Simple) v1.x CVE-2016-2784 CWE-20 CWE-20 Low Whoops error handler component detected CWE-200 CWE-200 Low WordPress admin accessible without HTTP authentication CWE-16 CWE-16 Low WordPress default administrator account CWE-16 CWE-16 Low WordPress full path disclosure CWE-200 CWE-200 Low WordPress REST API User Enumeration CWE-200 CWE-200 Low 12 2 / 2