Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity File tampering CWE-20 CWE-20 Medium Host header attack CWE-20 CWE-20 Medium HTML form susceptible to spam CWE-20 CWE-20 Medium HTML Injection CWE-80 CWE-80 Medium Insecure usage of Version 1 UUID/GUID CWE-328 CWE-328 Medium Java object deserialization of user-supplied data CWE-20 CWE-20 Medium JSF ViewState client side storage CWE-693 CWE-693 Medium Oracle E-Business Suite Frame Injection (CVE-2017-3528) CVE-2017-3528 CWE-601 CWE-601 Medium PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 CWE-352 Medium PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986 CWE-20 CWE-20 Medium PHP object deserialization of user-supplied data CWE-20 CWE-20 Medium PHP preg_replace used on user input CWE-20 CWE-20 Medium PHP super-globals-overwrite CWE-1108 CWE-1108 Medium PHP unserialize() used on user input CWE-20 CWE-20 Medium Python object deserialization of user-supplied data CWE-20 CWE-20 Medium Same origin method execution (SOME) CWE-20 CWE-20 Medium URL rewrite vulnerability CVE-2018-14773 CWE-436 CWE-436 Medium User-controlled form action CWE-20 CWE-20 Medium User controllable charset CWE-20 CWE-20 Medium WordPress XML-RPC authentication brute force CWE-521 CWE-521 Medium
