Vulnerability Name CVE Severity
AngularJS client-side template injection
Apache Tomcat JK connector security bypass CVE-2007-1860
Authentication bypass via MongoDB operator injection
Clickjacking: CSP frame-ancestors missing
Clickjacking: X-Frame-Options header
Client-Side Prototype Pollution
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream)
DotNetNuke multiple vulnerabilities CVE-2012-1030
Email Header Injection
Email Header Injection (AcuSensor)
Email injection
File tampering
File upload XSS
File upload XSS (Java applet)
Host header attack
HTML Attribute Injection
HTML Form found in redirect page
HTML form susceptible to spam
HTML Injection
Http redirect security bypass
Insecure usage of Version 1 UUID/GUID
Java Debug Wire Protocol remote code execution
Java object deserialization of user-supplied data
JIRA Security Advisory 2013-02-21
JSF ViewState client side storage
JSP authentication bypass
MediaWiki chunked uploads security issue CVE-2013-2114
MongoDB $where operator JavaScript injection
MongoDB injection
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
node-serialize Insecure Deserialization CVE-2017-5941
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986
PHP object deserialization of user-supplied data
PHP preg_replace used on user input
PHP super-globals-overwrite
PHP unserialize() used on user input
Prototype pollution
Python object deserialization of user-supplied data
Python pickle serialization
Rails mass assignment
Ruby on Rails CookieStore session cookie persistence
Same origin method execution (SOME)
Server-side JavaScript injection
TCPDF arbitrary file read
Uncontrolled format string
Unprotected phpMyAdmin interface
Unrestricted file upload
Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140
Unsafe use of Reflection
URL rewrite vulnerability
User-controlled form action
User controllable charset
VirtueMart access control bypass
webadmin.php script
WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload
WordPress plugin All in One SEO Pack privilege escalation vulnerabilities
WordPress plugin Custom Contact Forms critical vulnerability
WordPress plugin WPtouch insecure nonce generation
WordPress XML-RPC authentication brute force
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML external entity injection via external file
XML external entity injection via File Upload
XSLT injection