| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache Solr endpoint | | CWE-200 | Low |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Arbitrary File Read on Nuxt.js Development Server | | CWE-200 | Low |
| ASP.NET debugging enabled | | CWE-11 | Low |
| ASP.NET error message | | CWE-12 | Low |
| ASP.NET ViewStateUserKey Is Not Set | | CWE-642 | Low |
| Broken Link Hijacking | | CWE-610 | Low |
| Clickjacking: CSP frame-ancestors missing | | CWE-1021 | Low |
| ColdFusion administrator login page publicly available | | CWE-200 | Low |
| ColdFusion RDS Service enabled | | CWE-200 | Low |
| Cookies Not Marked as HttpOnly | | CWE-1004 | Low |
| Cookies Not Marked as Secure | | CWE-614 | Low |
| Cookies with missing, inconsistent or contradictory properties | | CWE-284 | Low |
| Error page path disclosure | | CWE-200 | Low |
| FrontPage Identified | | CWE-16 | Low |
| Gitlab user disclosure | | CWE-200 | Low |
| H2 console publicly accessible | | CWE-287 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | | CWE-200 | Low |
| Jenkins open people list | | CWE-200 | Low |
| Kentico Staging API publicly accessible | | CWE-200 | Low |
| Missing Content-Type Header | | CWE-16 | Low |
| Nuxt.js Running in Development Mode | | CWE-200 | Low |
| OData feed accessible anonymously | | CWE-200 | Low |
| Passive Mixed Content over HTTPS | | CWE-284 | Low |
| PHP allow_url_fopen Is Enabled | | CWE-829 | Low |
| PHP allow_url_include enabled | | CWE-829 | Low |
| PHP allow_url_include Is Enabled | | CWE-829 | Low |
| PHP display_errors Is Enabled | | CWE-209 | Low |
| PHP open_basedir Is Not Configured | | CWE-664 | Low |
| PHP open_basedir is not set | | CWE-664 | Low |
| Possible Database Name Disclosure | | CWE-200 | Low |
| Sensitive pages could be cached | | CWE-200 | Low |
| Session cookies scoped to parent domain | | CWE-284 | Low |
| Session ID in URL | | CWE-200 | Low |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | | CWE-16 | Low |
| Symfony ESI (Edge-Side Includes) enabled | | CWE-16 | Low |
| Tomcat status page | | CWE-200 | Low |
| TRACE Method enabled | | CWE-489 | Low |
| TRACK Method enabled | | CWE-489 | Low |
| Unrestricted access to a monitoring system | | CWE-200 | Low |
| Unrestricted access to ImageResizer Diagnostics plugin | | CWE-200 | Low |
| Unrestricted access to Prometheus | | CWE-200 | Low |
| Unrestricted access to Prometheus Metrics | | CWE-200 | Low |
| Version Disclosure (IIS) | | CWE-200 | Low |
| Wing FTP Anonymous access | | CWE-200 | Low |
| WordPress admin accessible without HTTP authentication | | CWE-16 | Low |
| WordPress default administrator account | | CWE-16 | Low |