Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity .htaccess File Detected CWE-443 CWE-443 Informational Access-Control-Allow-Origin header with wildcard (*) value CWE-284 CWE-284 Informational Active Mixed Content over HTTPS CWE-284 CWE-284 Medium Adobe ColdFusion 9 administrative login bypass CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-287 CWE-287 High Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability CVE-2016-0956 CWE-668 CWE-668 Medium Adobe Experience Manager Misconfiguration CVE-2016-0957 CWE-693 CWE-693 High Apache Airflow Experimental API Auth Bypass CVE-2020-13927 CVE-2020-13927 CWE-200 CWE-200 High Apache Axis2 administration console weak password CWE-200 CWE-200 High Apache Cassandra Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache configured to run as proxy CWE-441 CWE-441 Medium Apache Geronimo default administrative credentials CWE-693 CWE-693 High Apache JServ protocol service CWE-200 CWE-200 Medium Apache Kafka Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache mod_negotiation filename bruteforcing CWE-538 CWE-538 Low Apache perl-status enabled CWE-200 CWE-200 Medium Apache Proxy HTTP CONNECT method enabled CWE-441 CWE-441 Medium Apache REST RCE CVE-2018-11770 CWE-94 CWE-94 High Apache Roller OGNL injection CVE-2013-4212 CWE-20 CWE-20 High Apache Server-Info Detected CWE-200 CWE-200 Medium Apache Server-Status Detected CWE-200 CWE-200 Medium Apache Solr endpoint CWE-200 CWE-200 Low Apache solr service exposed CWE-200 CWE-200 High Apache Spark Master Unauthorized Access Vulnerability CWE-200 CWE-200 High Apache Spark Web UI Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache stronghold-info enabled CWE-200 CWE-200 Low Apache stronghold-status enabled CWE-200 CWE-200 Low Apache Tapestry weak secret key CWE-693 CWE-693 High Apache Tomcat examples directory vulnerabilities CWE-264 CWE-264 Medium Apache Tomcat insecure default administrative password CWE-284 CWE-284 High Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 CWE-264 CWE-264 High Apache Tomcat version older than 6.0.36 CVE-2012-2733 CVE-2012-3439 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CWE-20 CWE-20 High Apache Tomcat version older than 7.0.21 CVE-2011-3190 CWE-264 CWE-264 High Apache Tomcat version older than 7.0.23 CVE-2012-0022 CWE-189 CWE-189 High Apache Tomcat version older than 7.0.28 CVE-2012-2733 CVE-2012-4534 CWE-20 CWE-20 High Apache Tomcat version older than 7.0.30 CVE-2012-3439 CVE-2012-3544 CVE-2012-3546 CWE-20 CWE-20 High Apache Tomcat version older than 7.0.32 CVE-2012-4431 CWE-264 CWE-264 Medium Apache ZooKeeper Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Application is Vulnerable to the JWT Alg None Attack CWE-345 CWE-345 High Arbitrary File Read on Nuxt.js Development Server CWE-200 CWE-200 Low ASP.NET: Failure To Require SSL For Authentication Cookies CWE-319 CWE-319 Medium ASP.NET application-level tracing enabled CWE-215 CWE-215 Medium ASP.NET ASPX debugging enabled CWE-11 CWE-11 Medium ASP.NET connection strings stored in plaintext CWE-16 CWE-16 High ASP.NET cookieless authentication enabled CWE-598 CWE-598 Medium ASP.NET Cookieless session state enabled CWE-598 CWE-598 Medium ASP.NET cookies accessible from client-side scripts CWE-1004 CWE-1004 Medium ASP.NET Core Development Mode enabled CWE-200 CWE-200 Medium ASP.NET CustomErrors Is Disabled CWE-12 CWE-12 Medium ASP.NET debugging enabled CWE-11 CWE-11 Low ASP.NET Deny missing from authorization rule on location CWE-16 CWE-16 Medium ASP.NET diagnostic page CWE-200 CWE-200 Medium ASP.NET error message CWE-12 CWE-12 Medium ASP.NET event validation disabled CWE-16 CWE-16 Medium ASP.NET expired session IDs are not regenerated CWE-16 CWE-16 Medium ASP.NET forms authentication using inadequate protection CWE-16 CWE-16 Medium ASP.NET header checking is disabled in web.config CWE-16 CWE-16 Medium ASP.NET login credentials stored in plain text CWE-256 CWE-256 Medium ASP.NET potential HTTP Verb Tampering CWE-16 CWE-16 Medium ASP.NET ValidateRequest Is Globally Disabled CWE-707 CWE-707 Medium ASP.NET viewstate encryption disabled CWE-16 CWE-16 Medium ASP.NET ViewStateUserKey Is Not Set CWE-642 CWE-642 Low ASP.NET WCF metadata enabled for behavior CWE-16 CWE-16 Medium ASP.NET WCF replay attacks are not detected CWE-16 CWE-16 Medium ASP.NET WCF service include exception details CWE-16 CWE-16 Medium Atlassian Jira insecure REST permissions High Atlassian JIRA Servicedesk misconfiguration CWE-287 CWE-287 Medium Axis development mode enabled in WEB-INF/server-config.wsdd CWE-16 CWE-16 Medium Axis system configuration listing enabled in WEB-INF/server-config.wsdd CWE-16 CWE-16 Medium BottlePy weak secret key CWE-693 CWE-693 High Broken Link Hijacking CWE-610 CWE-610 Low Case-Insensitive Routing Bypass in Express.js Application CWE-287 CWE-287 High Chrome Logger information disclosure CWE-200 CWE-200 Medium Clickjacking: CSP frame-ancestors missing CWE-1021 CWE-1021 Low CodeIgniter development mode enabled CWE-16 CWE-16 Medium CodeIgniter session decoding vulnerability CWE-327 CWE-327 High CodeIgniter weak encryption key CWE-200 CWE-200 High ColdFusion administrator login page publicly available CWE-200 CWE-200 Low ColdFusion RDS Service enabled CWE-200 CWE-200 Low Consul API publicly exposed CWE-200 CWE-200 High Content Security Policy (CSP) Not Implemented CWE-1021 CWE-1021 Informational Content Security Policy Misconfiguration CWE-16 CWE-16 Informational Cookie signed with weak secret key CWE-693 CWE-693 Medium Cookies Not Marked as HttpOnly CWE-1004 CWE-1004 Low Cookies Not Marked as Secure CWE-614 CWE-614 Low Cookies with missing, inconsistent or contradictory properties CWE-284 CWE-284 Low Cookies with Secure flag set over insecure connection CWE-16 CWE-16 Informational Core dump file CWE-200 CWE-200 High CouchDB REST API publicly accessible CWE-285 CWE-285 High CRIME SSL/TLS attack CVE-2012-4929 CWE-310 CWE-310 Medium Custom Error Pages Are Not Configured in WEB-INF/web.xml CWE-16 CWE-16 Medium Delve Debugger Unauthorized Access Vulnerability CWE-200 CWE-200 High Devise weak password CWE-200 CWE-200 High Directory listings CWE-538 CWE-538 Medium Django Debug Toolbar CWE-200 CWE-200 Medium Django weak secret key CWE-693 CWE-693 Medium Docker Engine API is accessible without authentication CWE-287 CWE-287 High Docker Registry API is accessible without authentication CWE-287 CWE-287 High Drupal configuration file weak file permissions CWE-16 CWE-16 Medium Drupal trusted_host_patterns setting not configured CWE-16 CWE-16 Medium Elasticsearch service accessible CWE-200 CWE-200 High Elmah.axd / Errorlog.axd Detected CWE-209 CWE-209 High Error page path disclosure CWE-200 CWE-200 Low Error page web server version disclosure CWE-200 CWE-200 Informational Express cookie-session weak secret key CWE-693 CWE-693 Medium Express express-session weak secret key CWE-693 CWE-693 Informational Express running in development mode CWE-200 CWE-200 Medium File Upload Functionality Detected CWE-16 CWE-16 Informational Firebase database accessible without authentication CWE-200 CWE-200 Medium Flask weak secret key CWE-693 CWE-693 Medium Frontpage authors.pwd available CWE-538 CWE-538 Medium FrontPage Identified CWE-16 CWE-16 Low Gitlab open user registration CWE-200 CWE-200 Medium Gitlab user disclosure CWE-200 CWE-200 Low GlassFish admin console weak credentials CWE-693 CWE-693 High GoCD information disclosure (CVE-2021-43287) CVE-2021-43287 CWE-200 CWE-200 High Go web application binary disclosure CWE-540 CWE-540 Medium Grails database console CWE-200 CWE-200 Medium GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability CWE-770 CWE-770 Medium GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability CWE-400 CWE-400 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium GraphQL Introspection Query Enabled CWE-200 CWE-200 Medium GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Unauthenticated Mutation Detected CWE-306 CWE-306 Medium GraphQL Unhandled Error Leakage CWE-209 CWE-209 Medium H2 console publicly accessible CWE-287 CWE-287 Low Hadoop cluster web interface CWE-200 CWE-200 Medium Hadoop YARN ResourceManager publicly accessible CWE-200 CWE-200 High Hostile subdomain takeover CWE-16 CWE-16 Medium HTTP header reflected in cached response CWE-16 CWE-16 Medium Httpoxy vulnerability CWE-16 CWE-16 Medium HTTP Strict Transport Security (HSTS) Errors and Warnings CWE-16 CWE-16 Informational HTTP Strict Transport Security (HSTS) Policy Not Enabled CWE-16 CWE-16 Medium HTTP verb tampering via POST CWE-285 CWE-285 High IBM WebSphere administration console weak password CWE-200 CWE-200 High IIS extended unicode directory traversal vulnerability CVE-2000-0884 CWE-22 CWE-22 High InfluxDB Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Insecure crossdomain.xml policy CWE-284 CWE-284 Medium Insecure Referrer Policy CWE-16 CWE-16 Informational Insecure Transportation Security Protocol Supported (SSLv2) CWE-326 CWE-326 High Insecure Transportation Security Protocol Supported (SSLv3) CWE-326 CWE-326 High Insecure Transportation Security Protocol Supported (TLS 1.0) CWE-326 CWE-326 High Insecure Transportation Security Protocol Supported (TLS 1.1) CWE-326 CWE-326 Medium Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 CWE-200 Low Invalid SSL Certificate CWE-298 CWE-298 Medium JAAS authentication bypass CWE-693 CWE-693 High Java Debug Wire Protocol remote code execution CWE-94 CWE-94 High Java Management Extensions (JMX/RMI) service detected CWE-200 CWE-200 Medium JavaMelody publicly accessible CWE-200 CWE-200 Medium JBoss BSHDeployer MBean CWE-200 CWE-200 High JBoss HttpAdaptor JMXInvokerServlet CWE-94 CWE-94 High JBoss JMX Console Unrestricted Access CWE-200 CWE-200 High JBoss JMX management console CWE-200 CWE-200 High JBoss ServerInfo MBean CVE-2010-0738 CWE-200 CWE-200 High JBoss Server MBean CWE-200 CWE-200 High JBoss Web Console JMX Invoker CWE-200 CWE-200 High Jenkins Git Plugin missing permission check (CVE-2022-36883) CWE-862 CWE-862 High Jenkins open people list CWE-200 CWE-200 Low Jenkins open user registration CWE-200 CWE-200 Medium Jenkins weak password CWE-200 CWE-200 High Jetpack 2.9.3: Critical Security Update CVE-2014-0173 CWE-287 CWE-287 High Jetty ConcatServlet Information Disclosure (CVE-2021-28169) CVE-2021-28169 CWE-200 CWE-200 Medium Jetty Information Disclosure (CVE-2021-34429) CVE-2021-34429 CWE-200 CWE-200 Medium JIRA Security Advisory 2013-02-21 CWE-22 CWE-22 High Joomla! 3.2.1 sql injection CWE-89 CWE-89 High Joomla! Core Security Bypass CVE-2017-11364 CWE-264 CWE-264 High Joomla 1.5 end of life CWE-1104 CWE-1104 High Joomla Debug Console enabled CWE-200 CWE-200 Medium Joomla J!Dump extension enabled CWE-200 CWE-200 Medium JSF ViewState client side storage CWE-693 CWE-693 Medium Jupyter Notebook publicly accessible CWE-78 CWE-78 High Kentico Staging API publicly accessible CWE-200 CWE-200 Low Laravel debug mode enabled CWE-200 CWE-200 Medium Laravel debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Laravel Health Monitor open CWE-200 CWE-200 Medium Laravel Horizon open CWE-200 CWE-200 Medium Laravel LogViewer open CWE-200 CWE-200 Medium Laravel Terminal open CWE-200 CWE-200 High Magento Cacheleak CWE-200 CWE-200 High Magento Config File Disclosure CWE-200 CWE-200 Medium MediaWiki remote code execution CVE-2014-1610 CWE-20 CWE-20 High Memcached Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Method Tampering CWE-285 CWE-285 High Microsoft Frontpage configuration information CWE-200 CWE-200 Informational Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815 CWE-264 CWE-264 High Microsoft IIS WebDAV authentication bypass CVE-2009-1535 CWE-287 CWE-287 High Misconfigured Access-Control-Allow-Origin Header CWE-942 CWE-942 Medium Missing Content-Type Header CWE-16 CWE-16 Low Mojolicious weak secret key CWE-693 CWE-693 Medium MovableType remote code execution CVE-2015-1592 CWE-94 CWE-94 High Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185 CWE-1104 CWE-1104 Medium Multiple vulnerabilities in Ioncube loader-wizard.php CWE-552 CWE-552 High MySQL utf8 4-byte truncation CWE-176 CWE-176 Medium Nginx PHP code execution via FastCGI CWE-94 CWE-94 High nginx SPDY heap buffer overflow CVE-2014-0133 CWE-122 CWE-122 High Node.js Debugger Unauthorized Access Vulnerability CWE-200 CWE-200 High Node.js Inspector Unauthorized Access Vulnerability CWE-200 CWE-200 High Node.js Running in Development Mode CWE-215 CWE-215 Medium Node.js Web Application does not handle uncaughtException CWE-248 CWE-248 Medium Node.js Web Application does not handle unhandledRejection CWE-248 CWE-248 Medium Nuxt.js Running in Development Mode CWE-200 CWE-200 Low OData feed accessible anonymously CWE-200 CWE-200 Low Open Silverlight Client Access Policy CWE-16 CWE-16 Medium Oracle applications logs publicy available CWE-200 CWE-200 Medium Oracle E-Business Suite Frame Injection (CVE-2017-3528) CVE-2017-3528 CWE-601 CWE-601 Medium Oracle E-Business Suite Information Disclosure CWE-200 CWE-200 High Oracle E-Business Suite iStore open user registration CWE-200 CWE-200 Medium Oracle PeopleSoft SSO weak secret key CWE-693 CWE-693 High OSGi Management Console Default Credentials CWE-521 CWE-521 High Overly long session timeout in servlet configuration CWE-16 CWE-16 Medium Padding oracle attack CWE-209 CWE-209 High Passive Mixed Content over HTTPS CWE-284 CWE-284 Low Pentaho API Auth bypass (CVE-2021-31602) CVE-2021-31602 CWE-863 CWE-863 High Permissions-Policy header not implemented CWE-1021 CWE-1021 Informational PHP allow_url_fopen Is Enabled CWE-829 CWE-829 Low PHP allow_url_include enabled CWE-829 CWE-829 High PHP allow_url_include Is Enabled CWE-829 CWE-829 Low PHP display_errors Is Enabled CWE-209 CWE-209 Low PHP enable_dl enabled CWE-470 CWE-470 Medium PHP errors enabled CWE-209 CWE-209 Medium Phpfastcache phpinfo publicly accessible (CVE-2021-37704) CVE-2021-37704 CWE-200 CWE-200 Medium PHP magic_quotes_gpc is disabled CWE-150 CWE-150 High PHP open_basedir Is Not Configured CWE-664 CWE-664 Low PHP open_basedir is not set CWE-664 CWE-664 Medium PHP register_globals enabled CWE-1108 CWE-1108 High PHP register_globals Is Enabled CWE-1108 CWE-1108 Medium PHP session.use_only_cookies Is Disabled CWE-598 CWE-598 Medium PHP session.use_trans_sid enabled CWE-598 CWE-598 Medium Pyramid debug mode CWE-489 CWE-489 Medium Pyramid DebugToolbar enabled CWE-200 CWE-200 Medium Python Debugger Unauthorized Access Vulnerability CWE-200 CWE-200 High qdPM Information Disclosure CWE-260 CWE-260 High Rails application running in development mode CWE-200 CWE-200 Medium Reachable SharePoint interface CWE-200 CWE-200 High Redis Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Request Smuggling CWE-444 CWE-444 High RethinkDB administrative interface publicly exposed CWE-200 CWE-200 High Reverse Proxy Detected CWE-16 CWE-16 Informational RoR Database Configuration File Detected CWE-538 CWE-538 High Roundcube security updates 0.8.6 and 0.7.3 CVE-2013-1904 CWE-22 CWE-22 High Ruby framework weak secret key CWE-693 CWE-693 High Ruby on Rails Running in Development Mode CWE-200 CWE-200 Medium Ruby on Rails weak/known secret token CVE-2013-0156 CWE-200 CWE-200 High Same site scripting CWE-16 CWE-16 Medium SAP ICF /sap/public/info sensitive information disclosure CWE-200 CWE-200 Medium SAP Knowledge Management and Collaboration (KMC) incorrect permissions CWE-285 CWE-285 High SAP Management Console get user list CWE-200 CWE-200 High SAP Management Console list logfiles CWE-200 CWE-200 High SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure BCB CWE-200 CWE-200 Medium SAP weak/predictable user credentials CWE-200 CWE-200 High Sensitive pages could be cached CWE-200 CWE-200 Low Session cookies scoped to parent domain CWE-284 CWE-284 Low Session ID in URL CWE-200 CWE-200 Low SharePoint exposed web services CWE-200 CWE-200 Medium SharePoint user enumeration CWE-200 CWE-200 High Spring Boot Actuator CWE-489 CWE-489 Medium Spring Boot Actuator v2 CWE-489 CWE-489 Medium Spring Boot Misconfiguration: Actuator endpoint security disabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Admin MBean enabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Datasource credentials stored in the properties file CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Developer tools enabled on production CWE-16 CWE-16 Medium Spring Boot Misconfiguration: H2 console enabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: MongoDB credentials stored in the properties file CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Overly long session timeout CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed CWE-16 CWE-16 Low Spring Boot Misconfiguration: Unsafe value for session tracking CWE-16 CWE-16 Medium Spring Misconfiguration: HTML Escaping disabled CWE-16 CWE-16 Medium SSL Certificate Is About To Expire CWE-298 CWE-298 Medium Struts 2 Config Browser plugin enabled CWE-16 CWE-16 Medium Struts 2 development mode CWE-489 CWE-489 High Struts2 Development Mode Enabled CWE-16 CWE-16 High Subresource Integrity (SRI) Not Implemented CWE-830 CWE-830 Informational Symfony debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Symfony ESI (Edge-Side Includes) enabled CWE-16 CWE-16 Low Symfony running in dev mode CWE-16 CWE-16 Medium Symfony web debug toolbar CWE-489 CWE-489 Medium The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-310 CWE-310 High The FREAK attack CVE-2015-0204 CWE-310 CWE-310 Medium The Heartbleed Bug CVE-2014-0160 CWE-200 CWE-200 High The POODLE attack (SSLv3 with CBC cipher suites) CVE-2014-3566 CWE-326 CWE-326 Medium TLS/SSL (EC)DHE Key Reuse CWE-310 CWE-310 Informational TLS/SSL certificate key size too small CWE-310 CWE-310 Medium TLS/SSL LOGJAM attack CVE-2015-4000 CWE-310 CWE-310 Medium TLS/SSL Sweet32 attack CVE-2016-2183 CVE-2016-6329 CWE-310 CWE-310 Medium TLS/SSL Weak Cipher Suites CWE-310 CWE-310 Medium Tomcat status page CWE-200 CWE-200 Low Tornado debug mode CWE-489 CWE-489 Medium Tornado weak secret key CWE-693 CWE-693 Medium Trace.axd Detected CWE-215 CWE-215 High TRACE/TRACK Method Detected CWE-489 CWE-489 Low TRACK method is enabled CWE-489 CWE-489 Low Unauthorized Access to a web app installer CWE-200 CWE-200 Medium Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium Unicode Transformation (Best-Fit Mapping) CWE-176 CWE-176 Medium Unprotected Apache NiFi API interface CWE-287 CWE-287 Medium Unprotected Kong Gateway Admin API interface CWE-287 CWE-287 Medium Unprotected phpMyAdmin interface CWE-205 CWE-205 High Unrestricted access to a monitoring system CWE-200 CWE-200 Low Unrestricted access to Caddy API interface CWE-200 CWE-200 High Unrestricted access to Haproxy Data Plane API CWE-200 CWE-200 High Unrestricted access to ImageResizer Diagnotics plugin CWE-200 CWE-200 Low Unrestricted access to Kong Gateway API CWE-200 CWE-200 High Unrestricted access to Prometheus CWE-200 CWE-200 Low Unrestricted access to Prometheus Metrics CWE-200 CWE-200 Low Unsafe value for session tracking in WEB-INF/web.xml CWE-16 CWE-16 Medium Verb tampering via misconfigured security constraint CWE-16 CWE-16 Medium Version Disclosure (IIS) CWE-200 CWE-200 Informational ViewState MAC Disabled CWE-642 CWE-642 Medium Virtual Host locations misconfiguration CWE-200 CWE-200 High Vulnerable project dependencies CWE-937 CWE-937 High W3 total cache debug mode CWE-489 CWE-489 Medium Weak password CWE-200 CWE-200 High Weak Secret is Used to Sign JWT CWE-345 CWE-345 Critical Weak WordPress security key CWE-16 CWE-16 High Web2py weak secret key CWE-693 CWE-693 Medium Webalizer script CWE-538 CWE-538 Medium Web application default/weak credentials CWE-200 CWE-200 High Web Application Firewall Detected CWE-16 CWE-16 Informational Web Cache Deception High Web Cache Poisoning CWE-44 CWE-44 High Web Cache Poisoning DoS CWE-400 CWE-400 Medium Web Cache Poisoning DoS (for javascript) CWE-400 CWE-400 Medium Web Cache Poisoning DoS through HTTP/2 headers CWE-400 CWE-400 Medium Web Cache Poisoning through HTTP/2 pseudo-headers CWE-44 CWE-44 High Web Cache Poisoning via Fat GET Request CWE-44 CWE-44 High Web Cache Poisoning via Host Header CWE-44 CWE-44 High Web Cache Poisoning via JSONP and UTM_ parameter CWE-44 CWE-44 High Web Cache Poisoning via POST Request CWE-44 CWE-44 High Web Cache Poisoning via semicolon query separator CWE-44 CWE-44 High WebDAV Directory Has Write Permissions CWE-264 CWE-264 High WebDAV directory listing CWE-538 CWE-538 Medium WebDAV Enabled CWE-16 CWE-16 Informational WebDAV remote code execution CWE-434 CWE-434 High WebLogic admin console weak credentials CWE-693 CWE-693 High Webmail weak password CWE-200 CWE-200 High WebPageTest Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Web server default welcome page CWE-200 CWE-200 Informational WordPress admin accessible without HTTP authentication CWE-16 CWE-16 Low WordPress allows editing theme/plugin files CWE-16 CWE-16 Medium WordPress configuration file weak file permissions CWE-16 CWE-16 Medium WordPress default administrator account CWE-16 CWE-16 Low WordPress readme.html file CWE-200 CWE-200 Informational WordPress user registration enabled CWE-16 CWE-16 Informational Xdebug remote code execution via xdebug.remote_connect_back CWE-200 CWE-200 High XML entity injection CWE-611 CWE-611 Critical XML external entity injection CWE-611 CWE-611 Critical XML external entity injection (variant) CWE-611 CWE-611 Critical XML external entity injection and XML injection CWE-611 CWE-611 Critical XML External Entity Injection via external file CWE-611 CWE-611 Critical XML external entity injection via File Upload CWE-611 CWE-611 Critical Yii2 debug toolkit CWE-200 CWE-200 Medium Yii2 Gii extension CWE-200 CWE-200 Medium Yii2 weak secret key CWE-693 CWE-693 Medium Yii debug mode enabled CWE-16 CWE-16 Medium Yii running in dev mode CWE-16 CWE-16 Medium [Possible] AWStats Detected CWE-538 CWE-538 Medium [Possible] Password Transmitted over Query String CWE-200 CWE-200 Medium
