Severity levels: Critical, High, Medium, Low, Informational

Vulnerability categories: Abuse Of Functionality, Acumonitor, Api Bfla, Api Bola, Api Broken Auth, Api Broken Object Prop Auth, Api Dos, Api Improper Inventory Management, Api Misconfiguration, Api Ssrf, Arbitrary File Creation, Arbitrary File Read, Authentication Bypass, BOLA, Bruteforce Possible, Buffer Overflow, CSRF, CSTI, Code Execution, Configuration, Crlf Injection, Deepscan, Default Credentials, Denial Of Service, Dev Files, Directory Listing, Directory Traversal, Eli Injection, Error Handling, File Inclusion, Http Parameter Pollution, Http Response Splitting, Information Disclosure, Insecure Admin Access, Insecure Deserialization, Internal Ip Disclosure, Known Vulnerabilities, LLM, Ldap Injection, Llm Excessive Agency, Llm Insecure Output Handling, Llm Prompt Injection, Llm Prompt Leakage, Llm Sensitive Information Disclosure, Malware, Missing Update, Privilege Escalation, SSRF, Sensitive Data Not Over Ssl, Server Side Template Injection, Session Fixation, Source Code Disclosure, Sql Injection, Test Files, Unauthenticated File Upload, Url Redirection, Weak Credentials, Weak Crypto, XFS, XSS, XXE, Xpath Injection

| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| .htaccess File Detected | | CWE-529 | Informational |
| Access-Control-Allow-Origin header with wildcard (*) value | | CWE-942 | Informational |
| Active Mixed Content over HTTPS | | CWE-319, CWE-1428 | Medium |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 | CWE-287 | High |
| Adobe Experience Manager Blind XXE via package upload | CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246 | CWE-611 | High |
| Adobe Experience Manager exposed user passwords via querybuilder | CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246 | CWE-200 | High |
| Adobe Experience Manager Expression Language injection via cloudsettings | CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246 | CWE-94 | High |
| Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability | CVE-2016-0956 | CWE-668 | Medium |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| Adobe Experience Manager SSRF via MS token verify servlet | CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246 | CWE-918 | High |
| Adobe Experience Manager writable JCR nodes via querybuilder | CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246 | CWE-276 | High |
| An Unsafe Content Security Policy (CSP) Directive in Use | | CWE-942 | Informational |
| Apache Airflow Experimental API Auth Bypass | CVE-2020-13927 | CWE-200 | High |
| Apache Axis2 administration console weak password | | CWE-200 | High |
| Apache Cassandra Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Apache configured to run as proxy | | CWE-441 | Medium |
| Apache Geronimo default administrative credentials | | CWE-693 | High |
| Apache JServ protocol service | | CWE-200 | Medium |
| Apache Kafka Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache perl-status enabled | | CWE-200 | Medium |
| Apache Proxy HTTP CONNECT method enabled | | CWE-441 | Medium |
| Apache REST RCE | CVE-2018-11770 | CWE-94 | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache Server-Info Detected | | CWE-200 | Medium |
| Apache Server-Status Detected | | CWE-200 | Medium |
| Apache Solr endpoint | | CWE-200 | Low |
| Apache solr service exposed | | CWE-200 | High |
| Apache Spark Master Unauthorized Access Vulnerability | | CWE-200 | High |
| Apache Spark Web UI Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Apache Tapestry weak secret key | | CWE-693 | High |
| Apache Tomcat examples directory vulnerabilities | | | Medium |
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-798 | High |
| Apache ZooKeeper Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Arbitrary File Read on Nuxt.js Development Server | | CWE-200 | Low |
| ASP.NET: Failure To Require SSL For Authentication Cookies | | CWE-319 | Medium |
| ASP.NET application-level tracing enabled | | CWE-215 | Medium |
| ASP.NET ASPX debugging enabled | | CWE-11 | Medium |
| ASP.NET connection strings stored in plaintext | | CWE-312 | High |
| ASP.NET cookieless authentication enabled | | CWE-598 | Medium |
| ASP.NET Cookieless session state enabled | | CWE-598 | Medium |
| ASP.NET cookies accessible from client-side scripts | | CWE-1004 | Medium |
| ASP.NET Core Development Mode enabled | | CWE-200 | Medium |
| ASP.NET CustomErrors Is Disabled | | CWE-12 | Medium |
| ASP.NET debugging enabled | | CWE-11 | Low |
| ASP.NET Deny missing from authorization rule on location | | CWE-288 | Medium |
| ASP.NET diagnostic page | | CWE-200 | Medium |
| ASP.NET error message | | CWE-12 | Low |
| ASP.NET event validation disabled | | CWE-345 | Medium |
| ASP.NET expired session IDs are not regenerated | | CWE-384 | Medium |
| ASP.NET forms authentication using inadequate protection | | CWE-345 | Medium |
| ASP.NET header checking is disabled in web.config | | CWE-113 | Medium |
| ASP.NET login credentials stored in plain text | | CWE-256 | Medium |
| ASP.NET potential HTTP Verb Tampering | | CWE-288 | Medium |
| ASP.NET ValidateRequest Is Globally Disabled | | CWE-707 | Medium |
| ASP.NET viewstate encryption disabled | | CWE-319 | Medium |
| ASP.NET ViewStateUserKey Is Not Set | | CWE-642 | Low |
| ASP.NET ViewState Weak Validation Key | | CWE-321 | Critical |
| ASP.NET WCF metadata enabled for behavior | | CWE-200 | Medium |
| ASP.NET WCF replay attacks are not detected | | CWE-294 | Medium |
| ASP.NET WCF service include exception details | | CWE-209 | Medium |
| Atlassian Jira insecure REST permissions | | | High |
| Atlassian JIRA Servicedesk misconfiguration | | CWE-287 | Medium |
| Axis development mode enabled in WEB-INF/server-config.wsdd | | CWE-200, CWE-489 | Medium |
| Axis system configuration listing enabled in WEB-INF/server-config.wsdd | | CWE-200 | Medium |
| BottlePy weak secret key | | CWE-693 | High |
| Broken Link Hijacking | | CWE-610 | Low |
| Case-Insensitive Routing Bypass in Express.js Application | | CWE-287 | High |
| Chrome Logger information disclosure | | CWE-200 | Medium |
| Clickjacking: CSP frame-ancestors missing | | CWE-1021 | Low |
| Code Execution via WebDAV | | CWE-434 | High |
| CodeIgniter development mode enabled | | CWE-200, CWE-489 | Medium |
| CodeIgniter session decoding vulnerability | | CWE-327 | High |
| CodeIgniter weak encryption key | | CWE-200 | High |
| ColdFusion administrator login page publicly available | | CWE-200 | Low |
| ColdFusion RDS Service enabled | | CWE-200 | Low |
| Consul API publicly exposed | | CWE-200 | High |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | | CWE-358 | Informational |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | | CWE-358 | Informational |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | | CWE-358 | Informational |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | | CWE-942 | Informational |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | | CWE-358 | Informational |
| Content Security Policy (CSP) Nonce Without Matching Script Block | | CWE-358 | Informational |
| Content Security Policy (CSP) Not Implemented | | CWE-1021 | Informational |
| Content Security Policy (CSP) report-uri Uses HTTP | | CWE-319 | Informational |
| Content Security Policy Misconfiguration | | CWE-942, CWE-358 | Informational |
| Cookie signed with weak secret key | | CWE-693 | Medium |
| Cookies Not Marked as HttpOnly | | CWE-1004 | Low |
| Cookies Not Marked as Secure | | CWE-614 | Low |
| Cookies with missing, inconsistent or contradictory properties | | CWE-732 | Low |
| Cookies with Secure flag set over insecure connection | | CWE-614 | Informational |
| Core dump file | | CWE-200 | High |
| CouchDB REST API publicly accessible | | CWE-285 | High |
| Craft CMS Development Mode enabled | | CWE-200 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-311 | Medium |
| Cross-Origin-Embedder-Policy (COEP) needs improvements | | CWE-203, CWE-359 | Informational |
| Cross-Origin-Embedder-Policy (COEP) Not Implemented | | CWE-203, CWE-359 | Informational |
| Cross-Origin Opener Policy (COOP) Needs Improvements | | CWE-942, CWE-1022 | Informational |
| Cross-Origin Opener Policy (COOP) Not Implemented | | CWE-942, CWE-1022 | Informational |
| Cross-Origin Opener Policy (COOP) Syntax Error | | CWE-942, CWE-1022 | Informational |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | | CWE-209 | Medium |
| data: Used in a Content Security Policy (CSP) Directive | | CWE-942 | Informational |
| default-src Used in Content Security Policy (CSP) | | CWE-942 | Informational |
| Delve Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | | CWE-358 | Informational |
| Devise weak password | | CWE-200 | High |
| Directory listings | | CWE-538 | Medium |
| Django Debug Toolbar | | CWE-200 | Medium |
| Django weak secret key | | CWE-693 | Medium |
| Docker Engine API is accessible without authentication | | CWE-287 | High |
| Docker Registry API is accessible without authentication | | CWE-287 | High |
| Drupal configuration file weak file permissions | | CWE-732 | Medium |
| Drupal trusted_host_patterns setting not configured | | | Medium |
| Elasticsearch service accessible | | CWE-200 | High |
| Elmah.axd / Errorlog.axd Detected | | CWE-209 | High |
| Error page path disclosure | | CWE-200 | Low |
| Error page web server version disclosure | | CWE-200 | Informational |
| Express cookie-session weak secret key | | CWE-693 | Medium |
| Express Development Mode enabled | | CWE-200 | Medium |
| Express express-session weak secret key | | CWE-693 | Informational |
| Firebase database accessible without authentication | | CWE-200 | Medium |
| Flask weak secret key | | CWE-693 | Medium |
| Frontpage authors.pwd available | | CWE-538 | Medium |
| FrontPage Identified | | CWE-200 | Low |
| Gitlab open user registration | | CWE-200 | Medium |
| Gitlab user disclosure | | CWE-200 | Low |
| GlassFish admin console weak credentials | | CWE-693 | High |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287 | CWE-200 | High |
| Go web application binary disclosure | | CWE-540 | Medium |
| Grails database console | | CWE-200 | Medium |
| GraphiQL Explorer/Playground Enabled | | CWE-200 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | | CWE-400 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | | CWE-770 | Medium |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | | CWE-400 | Medium |
| GraphQL Field Suggestions Enabled | | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Unauthenticated Mutation Detected | | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | | CWE-209 | Medium |
| H2 console publicly accessible | | CWE-287 | Low |
| Hadoop cluster web interface | | CWE-200 | Medium |
| Hadoop YARN ResourceManager publicly accessible | | CWE-200 | High |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| Hostile subdomain takeover | | CWE-346 | Medium |
| HTTP header reflected in cached response | | CWE-200, CWE-79 | Medium |
| Httpoxy vulnerability | | CWE-918 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | | CWE-1428, CWE-319 | Informational |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | | CWE-319, CWE-1428 | Medium |
| HTTP verb tampering via POST | | CWE-285 | High |
| IBM WebSphere administration console weak password | | CWE-200 | High |
| IIS extended unicode directory traversal vulnerability | CVE-2000-0884 | CWE-22 | High |
| IIS Path disclosure | | CWE-200 | Low |
| Incorrect Content Security Policy (CSP) Implementation | | CWE-942 | Informational |
| InfluxDB Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Insecure crossdomain.xml policy | | CWE-942 | Medium |
| Insecure Protocol Detected in Content Security Policy (CSP) | | CWE-942 | Informational |
| Insecure Referrer Policy | | CWE-200 | Informational |
| Insecure Transportation Security Protocol Supported (SSLv2) | | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.1) | | CWE-326 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | | CWE-200 | Low |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | | CWE-358 | Informational |
| Invalid SSL Certificate | | CWE-298 | Medium |
| JAAS authentication bypass | | CWE-693 | High |
| Java Debug Wire Protocol remote code execution | | CWE-94 | High |
| Java Management Extensions (JMX/RMI) service detected | | CWE-200 | Medium |
| JavaMelody publicly accessible | | CWE-200 | Medium |
| JBoss BSHDeployer MBean | | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | | CWE-94 | High |
| JBoss JMX Console Unrestricted Access | | CWE-200 | High |
| JBoss JMX management console | | CWE-200 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | | CWE-200 | High |
| JBoss Web Console JMX Invoker | | CWE-200 | High |
| Jenkins Git Plugin missing permission check (CVE-2022-36883) | CVE-2022-36883 | CWE-862 | High |
| Jenkins open people list | | CWE-200 | Low |
| Jenkins open user registration | | CWE-200 | Medium |
| Jenkins weak password | | CWE-200 | High |
| Jetpack 2.9.3: Critical Security Update | CVE-2014-0173 | CWE-287 | High |
| Jetty ConcatServlet Information Disclosure (CVE-2021-28169) | CVE-2021-28169 | CWE-200 | Medium |
| Jetty Information Disclosure (CVE-2021-34429) | CVE-2021-34429, CVE-2021-28164 | CWE-200 | Medium |
| JIRA Security Advisory 2013-02-21 | | CWE-22 | High |
| Joomla! 3.2.1 sql injection | | CWE-89 | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | | High |
| Joomla 1.5 end of life | | CWE-1104 | High |
| Joomla Debug Console enabled | | CWE-200 | Medium |
| Joomla J!Dump extension enabled | | CWE-200 | Medium |
| JSF ViewState client side storage | | CWE-693 | Medium |
| Jupyter Notebook publicly accessible | | CWE-78 | High |
| JWT Signature Bypass via None Algorithm | | CWE-345 | High |
| JWT Signature Bypass via unvalidated jwk parameter | | CWE-287 | High |
| JWT Signature is not Verified | | CWE-287 | High |
| Kentico Staging API Authentication Bypass | CVE-2025-2747, CVE-2025-2746 | CWE-287 | Critical |
| Kentico Staging API publicly accessible | | CWE-200 | Low |
| Laravel debug mode enabled | | CWE-200 | Medium |
| Laravel debug mode enabled (Invicti IAST) | | CWE-200, CWE-489 | Medium |
| Laravel Health Monitor open | | CWE-200 | Medium |
| Laravel Horizon open | | CWE-200 | Medium |
| Laravel LogViewer open | | CWE-200 | Medium |
| Laravel Terminal open | | CWE-200 | High |
| Lucee Stacktrace Information Disclosure | | CWE-200 | Medium |
| Lucee Unset Admin Password | | CWE-200 | Critical |
| Magento Cacheleak | | CWE-200 | High |
| Magento Config File Disclosure | | CWE-200 | Medium |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| Memcached Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Method Tampering | | CWE-285 | High |
| Microsoft Frontpage configuration information | | CWE-200 | Informational |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-288 | High |
| Microsoft IIS WebDAV authentication bypass | CVE-2009-1535 | CWE-287 | High |
| Misconfigured Access-Control-Allow-Origin Header | | CWE-942 | Medium |
| Missing Content-Type Header | | CWE-436, CWE-358 | Low |
| Missing object-src in CSP Declaration | | CWE-942 | Informational |
| Mojolicious weak secret key | | CWE-693 | Medium |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| Multiple Content Security Policy (CSP) Implementation Detected | | CWE-358 | Informational |
| Multiple vulnerabilities in Ioncube loader-wizard.php | | CWE-552 | High |
| MySQL utf8 4-byte truncation | | CWE-176 | Medium |
| Next.js image Blind SSRF | | CWE-918 | Medium |
| Nginx PHP code execution via FastCGI | | CWE-94 | High |
| Node.js Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| Node.js Inspector Unauthorized Access Vulnerability | | CWE-200 | High |
| Node.js Running in Development Mode | | CWE-215 | Medium |
| Node.js Web Application does not handle uncaughtException | | CWE-248 | Medium |
| Node.js Web Application does not handle unhandledRejection | | CWE-248 | Medium |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | | CWE-358 | Informational |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | | CWE-942 | Informational |
| Nuxt.js Running in Development Mode | | CWE-200 | Low |
| OData feed accessible anonymously | | CWE-200 | Low |
| Open Silverlight Client Access Policy | | CWE-942 | Medium |
| Oracle applications logs publicly available | | CWE-200 | Medium |
| Oracle E-Business Suite Frame Injection (CVE-2017-3528) | CVE-2017-3528 | CWE-601 | Medium |
| Oracle E-Business Suite Information Disclosure | | CWE-200 | High |
| Oracle E-Business Suite iStore open user registration | CVE-2022-21500 | CWE-200 | Medium |
| Oracle PeopleSoft SSO weak secret key | | CWE-693 | High |
| OSGi Management Console Default Credentials | | CWE-521 | High |
| Overly long session timeout in servlet configuration | | CWE-613 | Medium |
| Padding oracle attack | | CWE-209 | High |
| Passive Mixed Content over HTTPS | | CWE-319, CWE-1428 | Low |
| Pentaho API Auth bypass (CVE-2021-31602) | CVE-2021-31602 | CWE-863 | High |
| Permissions-Policy header not implemented | | CWE-1021 | Informational |
| PHP allow_url_fopen Is Enabled | | CWE-829 | Low |
| PHP allow_url_include enabled | | CWE-829 | Low |
| PHP allow_url_include Is Enabled | | CWE-829 | Low |
| PHP display_errors Is Enabled | | CWE-209 | Low |
| PHP enable_dl enabled | | CWE-470 | Medium |
| PHP errors enabled | | CWE-209 | Medium |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | CWE-200 | Medium |
| PHP magic_quotes_gpc is disabled | | CWE-150 | High |
| PHP open_basedir Is Not Configured | | CWE-664 | Low |
| PHP open_basedir is not set | | CWE-664 | Low |
| PHP register_globals enabled | | CWE-1108 | Medium |
| PHP register_globals Is Enabled | | CWE-1108 | Medium |
| PHP session.use_only_cookies Is Disabled | | CWE-598 | Medium |
| PHP session.use_trans_sid enabled | | CWE-598 | Medium |
| Possible Database Name Disclosure | | CWE-200 | Low |
| Pyramid debug mode | | CWE-489 | Medium |
| Pyramid DebugToolbar enabled | | CWE-200 | Medium |
| Python Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| qdPM Information Disclosure | | CWE-260 | High |
| Reachable SharePoint interface | | CWE-200 | High |
| Redis Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Request Smuggling | | CWE-444 | High |
| RethinkDB administrative interface publicly exposed | | CWE-200 | High |
| Reverse Proxy Detected | | | Informational |
| RoR Database Configuration File Detected | | CWE-538 | High |
| RoR Development Mode enabled | | CWE-200 | Medium |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| Ruby framework weak secret key | | CWE-693 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| Same site scripting | | CWE-200, CWE-350 | Medium |
| SAP ICF /sap/public/info sensitive information disclosure | | CWE-200 | Medium |
| SAP Knowledge Management and Collaboration (KMC) incorrect permissions | | CWE-285 | High |
| SAP Management Console get user list | | CWE-200 | High |
| SAP Management Console list logfiles | | CWE-200 | High |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | | CWE-200 | Medium |
| SAP weak/predictable user credentials | | CWE-200 | High |
| Scheme URI Detected in Content Security Policy (CSP) Directive | | CWE-942 | Informational |
| Sensitive pages could be cached | | CWE-200 | Low |
| Session cookies scoped to parent domain | | CWE-923, CWE-358 | Low |
| Session ID in URL | | CWE-200 | Low |
| SharePoint exposed web services | | CWE-200 | Medium |
| SharePoint user enumeration | | CWE-200 | High |
| Spring Boot Actuator | | CWE-489 | Medium |
| Spring Boot Actuator v2 | | CWE-489 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | | CWE-749 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | | CWE-749 | Medium |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | | CWE-200 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | | CWE-312 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | | CWE-200, CWE-489 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | | CWE-200 | Medium |
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | | CWE-312 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | | CWE-613 | Medium |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | | CWE-749 | Low |
| Spring Boot Misconfiguration: Unsafe value for session tracking | | CWE-200, CWE-598 | Medium |
| Spring Misconfiguration: HTML Escaping disabled | | CWE-116 | Medium |
| SSL Certificate Is About To Expire | | CWE-298 | Medium |
| Static Nonce Identified in Content Security Policy (CSP) | | CWE-334 | Informational |
| Struts 2 Config Browser plugin enabled | | CWE-200 | Medium |
| Struts 2 development mode | | CWE-489 | High |
| Struts2 Development Mode Enabled | | CWE-200, CWE-489 | High |
| Subresource Integrity (SRI) Not Implemented | | CWE-830 | Informational |
| Symfony debug mode enabled (Invicti IAST) | | CWE-489 | Medium |
| Symfony ESI (Edge-Side Includes) enabled | | CWE-749, CWE-200 | Low |
| Symfony running in dev mode | | CWE-200, CWE-489 | Medium |
| Symfony web debug toolbar | | CWE-489 | Medium |
| The DROWN attack (SSLv2 supported) | CVE-2016-0800 | CWE-327 | High |
| The FREAK attack | CVE-2015-0204 | CWE-326, CWE-327 | Medium |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| The POODLE attack (SSLv3 with CBC cipher suites) | CVE-2014-3566 | CWE-326 | Medium |
| TLS/SSL (EC)DHE Key Reuse | | CWE-327 | Informational |
| TLS/SSL certificate key size too small | | CWE-326 | Medium |
| TLS/SSL LOGJAM attack | CVE-2015-4000 | CWE-326 | Medium |
| TLS/SSL Sweet32 attack | CVE-2016-2183, CVE-2016-6329 | CWE-327 | Medium |
| TLS/SSL Weak Cipher Suites | | CWE-327 | Medium |
| Tomcat status page | | CWE-200 | Low |
| TorchServe Management API publicly exposed | CVE-2023-43654 | CWE-200 | High |
| Tornado debug mode | | CWE-489 | Medium |
| Tornado weak secret key | | CWE-693 | Medium |
| Trace.axd Detected | | CWE-215 | High |
| TRACE Method enabled | | CWE-489 | Low |
| TRACK Method enabled | | CWE-489 | Low |
| Unauthorized Access to a web app installer | | CWE-200 | Medium |
| Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability | | CWE-400 | Medium |
| Unicode Transformation (Best-Fit Mapping) | | CWE-176 | Medium |
| Unprotected Apache NiFi API interface | | CWE-287 | Medium |
| Unprotected Kong Gateway Admin API interface | | CWE-287 | Medium |
| Unprotected phpMyAdmin interface | | CWE-205 | High |
| Unrestricted access to a monitoring system | | CWE-200 | Low |
| Unrestricted access to AnythingLLM API | CVE-2024-6842 | CWE-200 | Medium |
| Unrestricted access to Apache HugeGraph | | CWE-200 | Critical |
| Unrestricted access to Caddy API interface | | CWE-200 | High |
| Unrestricted access to Haproxy Data Plane API | | CWE-200 | High |
| Unrestricted access to ImageResizer Diagnostics plugin | | CWE-200 | Low |
| Unrestricted access to Kong Gateway API | | CWE-200 | High |
| Unrestricted access to MLflow | | CWE-200 | Medium |
| Unrestricted access to Prometheus | | CWE-200 | Low |
| Unrestricted access to Prometheus Metrics | | CWE-200 | Low |
| Unsafe value for session tracking in WEB-INF/web.xml | | CWE-200, CWE-598 | Medium |
| Unsupported Hash Detected in Content Security Policy (CSP) | | CWE-327 | Informational |
| Verb tampering via misconfigured security constraint | | CWE-288 | Medium |
| Version Disclosure (IIS) | | CWE-200 | Low |
| ViewState MAC Disabled | | CWE-642 | Medium |
| ViewStateMac is Not Enabled | | CWE-354 | Medium |
| Virtual Host locations misconfiguration | | CWE-200 | High |
| Vulnerable project dependencies | | CWE-1395 | High |
| W3 total cache debug mode | | CWE-489 | Medium |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | | CWE-942, CWE-330 | Informational |
| Weak password | | CWE-200 | High |
| Weak Secret is Used to Sign JWT | | CWE-347 | High |
| Weak WordPress security key | | CWE-326 | High |
| Web2py weak secret key | | CWE-693 | Medium |
| Webalizer script | | CWE-538 | Medium |
| Web application default/weak credentials | | CWE-200 | High |
| Web Application Firewall Detected | | | Informational |
| Web Cache Deception | | | High |
| Web Cache Poisoning | | CWE-44 | High |
| Web Cache Poisoning DoS | | CWE-400 | Medium |
| Web Cache Poisoning DoS (for javascript) | | CWE-400 | Medium |
| Web Cache Poisoning DoS through HTTP/2 headers | | CWE-400 | Medium |
| Web Cache Poisoning through HTTP/2 pseudo-headers | | CWE-44 | High |
| Web Cache Poisoning via Fat GET Request | | CWE-44 | High |
| Web Cache Poisoning via Host Header | | CWE-44 | High |
| Web Cache Poisoning via JSONP and UTM_ parameter | | CWE-44 | High |
| Web Cache Poisoning via POST Request | | CWE-44 | High |
| Web Cache Poisoning via semicolon query separator | | CWE-44 | High |
| WebDAV Directory Has Write Permissions | | CWE-732 | High |
| WebDAV directory listing | | CWE-538 | Medium |
| WebDAV Enabled | | CWE-749 | Informational |
| WebLogic admin console weak credentials | | CWE-693 | High |
| Webmail weak password | | CWE-200 | High |
| WebPageTest Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Web server default welcome page | | CWE-200 | Informational |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | | CWE-942 | Informational |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | | CWE-942 | Informational |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | | CWE-942 | Informational |
| Wing FTP Anonymous access | | CWE-200 | Low |
| WordPress admin accessible without HTTP authentication | | | Low |
| WordPress allows editing theme/plugin files | | CWE-749 | Medium |
| WordPress configuration file weak file permissions | | CWE-732 | Medium |
| WordPress default administrator account | | | Low |
| WordPress readme.html file | | CWE-200 | Informational |
| WordPress user registration enabled | | | Informational |
| X-Content-Type-Options (XCTO) Not Implemented | | | Informational |
| Xdebug remote code execution via xdebug.remote_connect_back | | CWE-200 | High |
| XML entity injection | | CWE-611 | High |
| XML external entity injection | | CWE-611 | High |
| XML external entity injection (variant) | | CWE-611 | High |
| XML external entity injection and XML injection | | CWE-611 | High |
| XML External Entity Injection via external file | | CWE-611 | High |
| XML external entity injection via File Upload | | CWE-611 | High |
| Yii2 debug toolkit | | CWE-200 | Medium |
| Yii2 Gii extension | | CWE-200 | Medium |
| Yii2 weak secret key | | CWE-693 | Medium |
| Yii debug mode enabled | | CWE-200, CWE-489 | Medium |
| Yii running in dev mode | | CWE-200, CWE-489 | Medium |
| [Possible] AWStats Detected | | CWE-538 | Medium |
| [Possible] Password Transmitted over Query String | | CWE-200 | Medium |
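Several rows in the table are passive checks that need nothing more than one HTTP response to fire (the CORS wildcard, missing HSTS, missing CSP, CSP wildcard sources, cookies without HttpOnly/Secure, missing X-Content-Type-Options). The script below is an added example, not the scanner's own code, showing how such header-level checks are typically implemented: it parses a raw HTTP/1.1 response and emits findings named after the table rows, tagged with the CWE and severity the table assigns. The two responses at the bottom are constructed samples; the rule for what counts as a "wildcard in the domain portion" of a CSP source (a host of `*` or `*.something`) is this example's interpretation, not a statement of how the scanner decides it.

```python
"""Passive header checks modelled on rows of the vulnerability table above.

Added example, not Invicti's scanner code. The 'Wildcard Detected in Domain
Portion' rule below is an assumption of this example (host == '*' or '*.x').
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str               # vulnerability name as listed in the table
    cwe: tuple              # CWE identifiers as listed in the table (may be empty)
    severity: str           # severity as listed in the table
    evidence: str           # the header value that triggered the check


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, headers).

    Headers map lowercase names to a list of values so repeated headers
    (Set-Cookie in particular) are all retained.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def _domain_wildcard(source: str) -> bool:
    """True if a CSP source expression has a wildcard host (assumed rule)."""
    if source.startswith("'"):            # 'self', 'none', nonces, hashes
        return False
    host = source.split("://", 1)[1] if "://" in source else source
    host = host.split("/", 1)[0].split(":", 1)[0]   # drop path and port
    return host == "*" or host.startswith("*.")


def check_response(raw: str, https: bool = True) -> list:
    """Run the passive checks over one response; https=True means the page
    was served over TLS, which is when HSTS and Secure cookies apply."""
    _status, h = parse_response(raw)
    out = []
    if "*" in h.get("access-control-allow-origin", []):
        out.append(Finding("Access-Control-Allow-Origin header with wildcard (*) value",
                           ("CWE-942",), "Informational", "Access-Control-Allow-Origin: *"))
    if https and "strict-transport-security" not in h:
        out.append(Finding("HTTP Strict Transport Security (HSTS) Policy Not Enabled",
                           ("CWE-319", "CWE-1428"), "Medium", "no Strict-Transport-Security header"))
    csp = h.get("content-security-policy", [])
    if not csp:
        out.append(Finding("Content Security Policy (CSP) Not Implemented",
                           ("CWE-1021",), "Informational", "no Content-Security-Policy header"))
    for policy in csp:
        for directive in policy.split(";"):
            tokens = directive.split()
            if len(tokens) >= 2 and any(_domain_wildcard(t) for t in tokens[1:]):
                out.append(Finding("Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive",
                                   ("CWE-942",), "Informational", directive.strip()))
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        out.append(Finding("X-Content-Type-Options (XCTO) Not Implemented",
                           (), "Informational", "no X-Content-Type-Options: nosniff header"))
    for cookie in h.get("set-cookie", []):
        cname = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            out.append(Finding("Cookies Not Marked as HttpOnly", ("CWE-1004",), "Low", cname))
        if https and "secure" not in attrs:
            out.append(Finding("Cookies Not Marked as Secure", ("CWE-614",), "Low", cname))
    return out


# Constructed sample responses (not captured from any real host).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' https://*; img-src *\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "\r\n"
    "<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; object-src 'none'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for f in check_response(WEAK_RESPONSE):
        print(f"[{f.severity}] {f.name} {' '.join(f.cwe)} :: {f.evidence}")
    print("hardened findings:", len(check_response(HARDENED_RESPONSE)))
```

Run against the weak sample it reports eight findings (one CORS, one HSTS, two CSP wildcard sources, one XCTO, one missing HttpOnly and two missing Secure); the hardened sample produces none. The `https` flag matters: a scanner that raises "Cookies Not Marked as Secure" or a missing-HSTS finding on a plain-HTTP response is producing noise, which is why the table lists a separate "Cookies with Secure flag set over insecure connection" check.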