Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Drupal Improper Access Control Vulnerability (CVE-2015-2559) CVE-2015-2559 CWE-284 CWE-284 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5621) CVE-2007-5621 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0274) CVE-2008-0274 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1131) CVE-2008-1131 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3741) CVE-2008-3741 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6170) CVE-2008-6170 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1844) CVE-2009-1844 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3156) CVE-2009-3156 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4369) CVE-2009-4369 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4370) CVE-2009-4370 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4371) CVE-2009-4371 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3094) CVE-2010-3094 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0244) CVE-2013-0244 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6387) CVE-2013-6387 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5021) CVE-2014-5021 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24728) CVE-2022-24728 CWE-707 CWE-707 Low Drupal Other Vulnerability (CVE-2006-2832) CVE-2006-2832 Low Drupal Other Vulnerability (CVE-2006-2833) CVE-2006-2833 Low Drupal Other Vulnerability (CVE-2006-5477) CVE-2006-5477 Low Drupal Other Vulnerability (CVE-2007-0124) CVE-2007-0124 Low Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093) CVE-2010-3093 CWE-264 CWE-264 Low Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0827) CVE-2012-0827 CWE-264 CWE-264 Low Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0245) CVE-2013-0245 CWE-264 CWE-264 Low Drupal Resource Management Errors Vulnerability (CVE-2012-1588) CVE-2012-1588 Low Drupal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-13083) CVE-2025-13083 CWE-525 CWE-525 Low e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0997) CVE-2010-0997 CWE-707 CWE-707 Low Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0046) CVE-2014-0046 CWE-707 CWE-707 Low Envoy Metadata disclosure CWE-200 CWE-200 Low Envoy Proxy Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-11767) CVE-2020-11767 CWE-200 CWE-200 Low Error page path disclosure CWE-200 CWE-200 Low EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789) CVE-2025-32789 CWE-200 CWE-200 Low EspoCRM Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-33659) CVE-2026-33659 CWE-367 CWE-367 Low F5 BIG-IP Cookie Information Disclosure CWE-200 CWE-200 Low FrontPage Identified CWE-200 CWE-200 Low GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51337) CVE-2024-51337 CWE-707 CWE-707 Low Gitlab user disclosure CWE-200 CWE-200 Low GlassFish CVE-2010-2397 Vulnerability (CVE-2010-2397) CVE-2010-2397 Low GlassFish CVE-2012-0081 Vulnerability (CVE-2012-0081) CVE-2012-0081 Low GlassFish CVE-2017-3626 Vulnerability (CVE-2017-3626) CVE-2017-3626 Low GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3239) CVE-2017-3239 CWE-200 CWE-200 Low Grafana Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-10452) CVE-2024-10452 CWE-639 CWE-639 Low Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324) CVE-2022-39324 CWE-707 CWE-707 Low Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062) CVE-2022-36062 CWE-281 CWE-281 Low Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2026-21727) CVE-2026-21727 CWE-732 CWE-732 Low Grafana Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-21725) CVE-2026-21725 CWE-367 CWE-367 Low H2 console publicly accessible CWE-287 CWE-287 Low Hiawatha CVE-2025-57784 Vulnerability (CVE-2025-57784) CVE-2025-57784 Low HTML Attribute Injection CWE-80 CWE-80 Low HTML Form found in redirect page CWE-287 CWE-287 Low IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050) CVE-2014-3050 CWE-200 CWE-200 Low IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962) CVE-2015-4962 CWE-200 CWE-200 Low IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449) CVE-2015-7449 CWE-200 CWE-200 Low IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0372) CVE-2016-0372 CWE-200 CWE-200 Low IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947) CVE-2016-2947 CWE-200 CWE-200 Low IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1029) CVE-2011-1029 CWE-707 CWE-707 Low IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5404) CVE-2013-5404 CWE-707 CWE-707 Low IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0122) CVE-2015-0122 CWE-707 CWE-707 Low IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0123) CVE-2015-0123 CWE-707 CWE-707 Low IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0130) CVE-2015-0130 CWE-707 CWE-707 Low IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946) CVE-2015-4946 CWE-264 CWE-264 Low IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3045) CVE-2016-3045 CWE-200 CWE-200 Low IBM WebSEAL Improper Certificate Validation Vulnerability (CVE-2019-4150) CVE-2019-4150 CWE-295 CWE-295 Low IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804) CVE-2018-1804 CWE-384 CWE-384 Low IIS Path disclosure CWE-200 CWE-200 Low Insecure Frame (External) CWE-829 CWE-829 Low Insecure transition from HTTPS to HTTP in form post CWE-200 CWE-200 Low Insecure Transportation Security Protocol Supported (TLS 1.1) CWE-326 CWE-326 Low Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 CWE-200 Low Internet Information Services Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-1999-0861) CVE-1999-0861 CWE-362 CWE-362 Low Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2000-0649) CVE-2000-0649 CWE-200 CWE-200 Low Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-0422) CVE-2002-0422 CWE-200 CWE-200 Low Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1582) CVE-2003-1582 CWE-707 CWE-707 Low Internet Information Services Other Vulnerability (CVE-1999-1538) CVE-1999-1538 Low Internet Information Services Other Vulnerability (CVE-2000-0167) CVE-2000-0167 Low Internet Information Services Other Vulnerability (CVE-2001-0544) CVE-2001-0544 Low 12345...12 2 / 12
