| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 | CWE-287 | High |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| Apache Airflow Experimental API Auth Bypass CVE-2020-13927 | CVE-2020-13927 | CWE-200 | High |
| Apache Axis2 administration console weak password | | CWE-200 | High |
| Apache Geronimo default administrative credentials | | CWE-693 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache solr service exposed | | CWE-200 | High |
| Apache Spark Master Unauthorized Access Vulnerability | | CWE-200 | High |
| Apache Tapestry weak secret key | | CWE-693 | High |
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-284 | High |
| Apache Tomcat version older than 6.0.35 | CVE-2011-3190, CVE-2011-3375, CVE-2012-0022 | CWE-264 | High |
| Apache Tomcat version older than 6.0.36 | CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| Apache Tomcat version older than 7.0.23 | CVE-2012-0022 | CWE-189 | High |
| Apache Tomcat version older than 7.0.28 | CVE-2012-2733, CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.30 | CVE-2012-3439, CVE-2012-3544, CVE-2012-3546 | CWE-20 | High |
| ASP.NET connection strings stored in plaintext | | CWE-16 | High |
| Atlassian Jira insecure REST permissions | | | High |
| BottlePy weak secret key | | CWE-693 | High |
| Case-Insensitive Routing Bypass in Express.js Application | | CWE-287 | High |
| Code Execution via WebDav | | CWE-434 | High |
| CodeIgniter session decoding vulnerability | | CWE-327 | High |
| CodeIgniter weak encryption key | | CWE-200 | High |
| Consul API publicly exposed | | CWE-200 | High |
| Core dump file | | CWE-200 | High |
| CouchDB REST API publicly accessible | | CWE-285 | High |
| Delve Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| Devise weak password | | CWE-200 | High |
| Docker Engine API is accessible without authentication | | CWE-287 | High |
| Docker Registry API is accessible without authentication | | CWE-287 | High |
| Elasticsearch service accessible | | CWE-200 | High |
| Elmah.axd / Errorlog.axd Detected | | CWE-209 | High |
| GlassFish admin console weak credentials | | CWE-693 | High |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287 | CWE-200 | High |
| Hadoop YARN ResourceManager publicly accessible | | CWE-200 | High |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| HTTP verb tampering via POST | | CWE-285 | High |
| IBM WebSphere administration console weak password | | CWE-200 | High |
| IIS extended unicode directory traversal vulnerability | CVE-2000-0884 | CWE-22 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | | CWE-326 | High |
| JAAS authentication bypass | | CWE-693 | High |
| Java Debug Wire Protocol remote code execution | | CWE-94 | High |
| JBoss BSHDeployer MBean | | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | | CWE-94 | High |
| JBoss JMX Console Unrestricted Access | | CWE-200 | High |
| JBoss JMX management console | | CWE-200 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | | CWE-200 | High |
| JBoss Web Console JMX Invoker | | CWE-200 | High |
| Jenkins Git Plugin missing permission check (CVE-2022-36883) | CVE-2022-36883 | CWE-862 | High |
| Jenkins weak password | | CWE-200 | High |
| Jetpack 2.9.3: Critical Security Update | CVE-2014-0173 | CWE-287 | High |
| JIRA Security Advisory 2013-02-21 | | CWE-22 | High |
| Joomla! 3.2.1 sql injection | | CWE-89 | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | CWE-264 | High |
| Joomla 1.5 end of life | | CWE-1104 | High |
| Jupyter Notebook publicly accessible | | CWE-78 | High |
| JWT Signature Bypass via None Algorithm | | CWE-345 | High |
| Laravel Terminal open | | CWE-200 | High |
| Magento Cacheleak | | CWE-200 | High |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| Method Tampering | | CWE-285 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| Microsoft IIS WebDAV authentication bypass | CVE-2009-1535 | CWE-287 | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| Multiple vulnerabilities in Ioncube loader-wizard.php | | CWE-552 | High |
| Nginx PHP code execution via FastCGI | | CWE-94 | High |
| nginx SPDY heap buffer overflow | CVE-2014-0133 | CWE-122 | High |
| Node.js Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| Node.js Inspector Unauthorized Access Vulnerability | | CWE-200 | High |
| Oracle E-Business Suite Information Disclosure | | CWE-200 | High |
| Oracle PeopleSoft SSO weak secret key | | CWE-693 | High |
| OSGi Management Console Default Credentials | | CWE-521 | High |
| Padding oracle attack | | CWE-209 | High |
| Pentaho API Auth bypass (CVE-2021-31602) | CVE-2021-31602 | CWE-863 | High |
| PHP magic_quotes_gpc is disabled | | CWE-150 | High |
| Python Debugger Unauthorized Access Vulnerability | | CWE-200 | High |
| qdPM Information Disclosure | | CWE-260 | High |
| Reachable SharePoint interface | | CWE-200 | High |
| Request Smuggling | | CWE-444 | High |
| RethinkDB administrative interface publicly exposed | | CWE-200 | High |
| RoR Database Configuration File Detected | | CWE-538 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| Ruby framework weak secret key | | CWE-693 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| SAP Knowledge Management and Collaboration (KMC) incorrect permissions | | CWE-285 | High |
| SAP Management Console get user list | | CWE-200 | High |
| SAP Management Console list logfiles | | CWE-200 | High |
| SAP weak/predictable user credentials | | CWE-200 | High |
| SharePoint user enumeration | | CWE-200 | High |
| Struts 2 development mode | | CWE-489 | High |
| Struts2 Development Mode Enabled | | CWE-16 | High |
| The DROWN attack (SSLv2 supported) | CVE-2016-0800 | CWE-310 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| TorchServe Management API publicly exposed | CVE-2023-43654 | CWE-200 | High |
| Trace.axd Detected | | CWE-215 | High |
| Unprotected phpMyAdmin interface | | CWE-205 | High |
| Unrestricted access to Caddy API interface | | CWE-200 | High |
| Unrestricted access to Haproxy Data Plane API | | CWE-200 | High |
| Unrestricted access to Kong Gateway API | | CWE-200 | High |
| Virtual Host locations misconfiguration | | CWE-200 | High |
| Vulnerable project dependencies | | CWE-937 | High |
| Weak password | | CWE-200 | High |
| Weak Secret is Used to Sign JWT | | CWE-345 | High |
| Weak WordPress security key | | CWE-16 | High |
| Web application default/weak credentials | | CWE-200 | High |
| Web Cache Deception | | | High |
| Web Cache Poisoning | | CWE-44 | High |
| Web Cache Poisoning through HTTP/2 pseudo-headers | | CWE-44 | High |
| Web Cache Poisoning via Fat GET Request | | CWE-44 | High |
| Web Cache Poisoning via Host Header | | CWE-44 | High |
| Web Cache Poisoning via JSONP and UTM_ parameter | | CWE-44 | High |
| Web Cache Poisoning via POST Request | | CWE-44 | High |
| Web Cache Poisoning via semicolon query separator | | CWE-44 | High |
| WebDAV Directory Has Write Permissions | | CWE-264 | High |
| WebLogic admin console weak credentials | | CWE-693 | High |
| Webmail weak password | | CWE-200 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | | CWE-200 | High |
| XML entity injection | | CWE-611 | High |
| XML external entity injection | | CWE-611 | High |
| XML external entity injection (variant) | | CWE-611 | High |
| XML external entity injection and XML injection | | CWE-611 | High |
| XML External Entity Injection via external file | | CWE-611 | High |
| XML external entity injection via File Upload | | CWE-611 | High |