Vulnerability Name CVE Severity
AngularJS client-side template injection
Apache Tomcat JK connector security bypass CVE-2007-1860
Clickjacking: CSP frame-ancestors missing
Clickjacking: X-Frame-Options header missing
Client Side Prototype pollution
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream)
DotNetNuke multiple vulnerabilities CVE-2012-1030
Email Header Injection
Email injection
File tampering
File upload XSS
File upload XSS (Java applet)
Host header attack
Host header attack AcuMonitor
HTML Attribute Injection
HTML Form found in redirect page
HTML form susceptible to spam
HTML Injection
Http redirect security bypass
Insecure Flash embed parameter
Java Debug Wire Protocol remote code execution
Java object deserialization of user-supplied data
JIRA Security Advisory 2013-02-21
JSF ViewState client side storage
JSP authentication bypass
Login page password-guessing attack
MediaWiki chunked uploads security issue CVE-2013-2114
MongoDB injection
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
Partial user controllable script source
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986
PHP object deserialization of user-supplied data
PHP preg_replace used on user input
PHP super-globals-overwrite
PHP unserialize() used on user input
Possible relative path overwrite
Prototype pollution
Python object deserialization of user-supplied data
Python pickle serialization
Rails mass assignment
Reflected file download
Ruby on Rails CookieStore session cookie persistence
Same origin method execution (SOME)
Server-side JavaScript injection
TCPDF arbitrary file read
Uncontrolled format string
Unprotected phpMyAdmin interface
Unrestricted file upload
Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140
URL rewrite vulnerability
User-controlled form action
User controllable charset
VirtueMart access control bypass
webadmin.php script
WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload
WordPress plugin All in One SEO Pack privilege escalation vulnerabilities
WordPress plugin Custom Contact Forms critical vulnerability
WordPress plugin WPtouch insecure nonce generation
WordPress XML-RPC authentication brute force
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML external entity injection via external file
XML external entity injection via File Upload
XSLT injection