| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| AngularJS client-side template injection | | CWE-79 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-200 | High |
| Authentication bypass via MongoDB operator injection | | CWE-943 | High |
| Client-Side Prototype Pollution | | | High |
| Cross-site Scripting via File Upload | | CWE-79 | High |
| Database User Has Admin Privileges | | CWE-267 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (XStream) | | CWE-502 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Email Header Injection | | CWE-20 | High |
| Email Header Injection (AcuSensor) | | CWE-20 | High |
| Email injection | | CWE-20 | High |
| File upload XSS (Java applet) | | CWE-79 | High |
| Http redirect security bypass | | CWE-20 | High |
| Java Debug Wire Protocol remote code execution | | CWE-94 | High |
| JIRA Security Advisory 2013-02-21 | | CWE-22 | High |
| JSP authentication bypass | | CWE-287 | High |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| MongoDB $where operator JavaScript injection | | CWE-943 | High |
| MongoDB injection | | CWE-943 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | | CWE-94 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| Prototype pollution | | | High |
| Python pickle serialization | | CWE-502 | High |
| Rails mass assignment | | CWE-915 | High |
| Server-side JavaScript injection | | CWE-20 | High |
| TCPDF arbitrary file read | | CWE-98 | High |
| Uncontrolled format string | | CWE-134 | High |
| Unprotected phpMyAdmin interface | | CWE-205 | High |
| Unrestricted access to Haproxy Data Plane API | | CWE-200 | High |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| Unsafe use of Reflection | | CWE-470 | High |
| VirtueMart access control bypass | | CWE-287 | High |
| webadmin.php script | | CWE-552 | High |
| Web Cache Deception | | | High |
| WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload | | CWE-434 | High |
| WordPress plugin All in One SEO Pack privilege escalation vulnerabilities | | CWE-269 | High |
| WordPress plugin Custom Contact Forms critical vulnerability | | CWE-287 | High |
| WordPress plugin WPtouch insecure nonce generation | | CWE-287 | High |
| XSLT injection | | CWE-91 | High |