| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache Solr endpoint | | CWE-200 | Low |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Arbitrary File Read on Nuxt.js Development Server | | CWE-200 | Low |
| ASP.NET debugging enabled | | CWE-11 | Low |
| ASP.NET ViewStateUserKey Is Not Set | | CWE-642 | Low |
| Broken Link Hijacking | | CWE-610 | Low |
| Clickjacking: CSP frame-ancestors missing | | CWE-1021 | Low |
| ColdFusion administrator login page publicly available | | CWE-200 | Low |
| ColdFusion RDS Service enabled | | CWE-200 | Low |
| Cookies Not Marked as HttpOnly | | CWE-1004 | Low |
| Cookies Not Marked as Secure | | CWE-614 | Low |
| Cookies with missing, inconsistent or contradictory properties | | CWE-284 | Low |
| Error page path disclosure | | CWE-200 | Low |
| FrontPage Identified | | CWE-16 | Low |
| Gitlab user disclosure | | CWE-200 | Low |
| H2 console publicly accessible | | CWE-287 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | | CWE-200 | Low |
| Jenkins open people list | | CWE-200 | Low |
| Kentico Staging API publicly accessible | | CWE-200 | Low |
| Missing Content-Type Header | | CWE-16 | Low |
| Nuxt.js Running in Development Mode | | CWE-200 | Low |
| OData feed accessible anonymously | | CWE-200 | Low |
| Passive Mixed Content over HTTPS | | CWE-284 | Low |
| PHP allow_url_fopen Is Enabled | | CWE-829 | Low |
| PHP allow_url_include Is Enabled | | CWE-829 | Low |
| PHP display_errors Is Enabled | | CWE-209 | Low |
| PHP open_basedir Is Not Configured | | CWE-664 | Low |
| Sensitive pages could be cached | | CWE-200 | Low |
| Session cookies scoped to parent domain | | CWE-284 | Low |
| Session ID in URL | | CWE-200 | Low |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | | CWE-16 | Low |
| Symfony ESI (Edge-Side Includes) enabled | | CWE-16 | Low |
| Tomcat status page | | CWE-200 | Low |
| TRACE/TRACK Method Detected | | CWE-489 | Low |
| TRACK method is enabled | | CWE-489 | Low |
| Unrestricted access to a monitoring system | | CWE-200 | Low |
| Unrestricted access to ImageResizer Diagnostics plugin | | CWE-200 | Low |
| Unrestricted access to Prometheus | | CWE-200 | Low |
| Unrestricted access to Prometheus Metrics | | CWE-200 | Low |
| WordPress admin accessible without HTTP authentication | | CWE-16 | Low |
| WordPress default administrator account | | CWE-16 | Low |