Vulnerability Name CVE Severity
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
Spring Boot Misconfiguration: Overly long session timeout
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Misconfiguration: HTML Escaping disabled
SQLite database found
Struts 2 Config Browser plugin enabled
Symfony debug mode enabled (AcuSensor)
Symfony Profiler open
Symfony running in dev mode
Symfony web debug toolbar
Test CGI script leaking environment variables
The FREAK attack CVE-2015-0204
The POODLE attack (SSLv3 with CBC cipher suites) CVE-2014-3566
TLS/SSL certificate key size too small
TLS/SSL LOGJAM attack CVE-2015-4000
TLS/SSL Sweet32 attack CVE-2016-2183 CVE-2016-6329
TLS/SSL Weak Cipher Suites
TLS 1.1 enabled
Tornado debug mode
Tornado weak secret key
Tracy debugging tool enabled
Typo3 Install Tool publicly accessible
Unauthorized Access to a web app installer
Unencrypted connection
Unencrypted __VIEWSTATE parameter
Unicode transformation issues
Unprotected Apache NiFi API interface
Unprotected JSON file leaking secrets
Unprotected Kong Gateway Admin API interface
Unrestricted access to NGINX+ API interface (read only)
Unrestricted access to NGINX+ Dashboard
Unrestricted access to NGINX+ Upstream HTTP interface
Unsafe value for session tracking in in servlet configuration
URL redirection
URL redirection (Web Server)
URL rewrite vulnerability
User-controlled form action
User controllable charset
User controllable tag parameter
User credentials are sent in clear text
Verb tampering via misconfigured security constraint
Virtual host directory listing
Vulnerable JavaScript libraries
Vulnerable package dependencies [medium]
W3 total cache debug mode
Web2py weak secret key
Webalizer script
Web Cache Poisoning DoS
Web Cache Poisoning DoS (for javascript)
Web Cache Poisoning DoS through HTTP/2 headers
WebDAV directory listing
WebPageTest Unauthorized Access Vulnerability
WordPress allows editing theme/plugin files
WordPress configuration file weak file permissions
WordPress database credentials disclosure
WordPress pingback scanner CVE-2013-0235
WordPress username enumeration
WordPress XML-RPC authentication brute force
WS_FTP log file found
XSS on Apache HTTP Server 413 error pages via malformed HTTP method CVE-2007-6203
Yii2 debug toolkit
Yii2 Gii extension
Yii2 weak secret key
Yii debug mode enabled
Yii running in dev mode
Zabbix Guest Access