Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Active Mixed Content over HTTPS CWE-284 CWE-284 Medium Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability CVE-2016-0956 CWE-668 CWE-668 Medium Apache Cassandra Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache configured to run as proxy CWE-441 CWE-441 Medium Apache JServ protocol service CWE-200 CWE-200 Medium Apache Kafka Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache perl-status enabled CWE-200 CWE-200 Medium Apache Proxy HTTP CONNECT method enabled CWE-441 CWE-441 Medium Apache Server-Info Detected CWE-200 CWE-200 Medium Apache Server-Status Detected CWE-200 CWE-200 Medium Apache Spark Web UI Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Apache Tomcat examples directory vulnerabilities CWE-264 CWE-264 Medium Apache Tomcat version older than 7.0.32 CVE-2012-4431 CWE-264 CWE-264 Medium Apache ZooKeeper Unauthorized Access Vulnerability CWE-200 CWE-200 Medium ASP.NET: Failure To Require SSL For Authentication Cookies CWE-319 CWE-319 Medium ASP.NET application-level tracing enabled CWE-215 CWE-215 Medium ASP.NET ASPX debugging enabled CWE-11 CWE-11 Medium ASP.NET cookieless authentication enabled CWE-598 CWE-598 Medium ASP.NET Cookieless session state enabled CWE-598 CWE-598 Medium ASP.NET cookies accessible from client-side scripts CWE-1004 CWE-1004 Medium ASP.NET Core Development Mode enabled CWE-200 CWE-200 Medium ASP.NET CustomErrors Is Disabled CWE-12 CWE-12 Medium ASP.NET Deny missing from authorization rule on location CWE-16 CWE-16 Medium ASP.NET diagnostic page CWE-200 CWE-200 Medium ASP.NET error message CWE-12 CWE-12 Medium ASP.NET event validation disabled CWE-16 CWE-16 Medium ASP.NET expired session IDs are not regenerated CWE-16 CWE-16 Medium ASP.NET forms authentication using inadequate protection CWE-16 CWE-16 Medium ASP.NET header checking is disabled in web.config CWE-16 CWE-16 Medium ASP.NET login credentials stored in plain text CWE-256 CWE-256 Medium ASP.NET potential HTTP Verb Tampering CWE-16 CWE-16 Medium ASP.NET ValidateRequest Is Globally Disabled CWE-707 CWE-707 Medium ASP.NET viewstate encryption disabled CWE-16 CWE-16 Medium ASP.NET WCF metadata enabled for behavior CWE-16 CWE-16 Medium ASP.NET WCF replay attacks are not detected CWE-16 CWE-16 Medium ASP.NET WCF service include exception details CWE-16 CWE-16 Medium Atlassian JIRA Servicedesk misconfiguration CWE-287 CWE-287 Medium Axis development mode enabled in WEB-INF/server-config.wsdd CWE-16 CWE-16 Medium Axis system configuration listing enabled in WEB-INF/server-config.wsdd CWE-16 CWE-16 Medium Chrome Logger information disclosure CWE-200 CWE-200 Medium CodeIgniter development mode enabled CWE-16 CWE-16 Medium Cookie signed with weak secret key CWE-693 CWE-693 Medium CRIME SSL/TLS attack CVE-2012-4929 CWE-310 CWE-310 Medium Custom Error Pages Are Not Configured in WEB-INF/web.xml CWE-16 CWE-16 Medium Directory listings CWE-538 CWE-538 Medium Django Debug Toolbar CWE-200 CWE-200 Medium Django weak secret key CWE-693 CWE-693 Medium Drupal configuration file weak file permissions CWE-16 CWE-16 Medium Drupal trusted_host_patterns setting not configured CWE-16 CWE-16 Medium Express cookie-session weak secret key CWE-693 CWE-693 Medium Express running in development mode CWE-200 CWE-200 Medium Firebase database accessible without authentication CWE-200 CWE-200 Medium Flask weak secret key CWE-693 CWE-693 Medium Frontpage authors.pwd available CWE-538 CWE-538 Medium Gitlab open user registration CWE-200 CWE-200 Medium Go web application binary disclosure CWE-540 CWE-540 Medium Grails database console CWE-200 CWE-200 Medium GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability CWE-770 CWE-770 Medium GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability CWE-400 CWE-400 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium GraphQL Introspection Query Enabled CWE-200 CWE-200 Medium GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Unauthenticated Mutation Detected CWE-306 CWE-306 Medium GraphQL Unhandled Error Leakage CWE-209 CWE-209 Medium Hadoop cluster web interface CWE-200 CWE-200 Medium Hostile subdomain takeover CWE-16 CWE-16 Medium HTTP header reflected in cached response CWE-16 CWE-16 Medium Httpoxy vulnerability CWE-16 CWE-16 Medium HTTP Strict Transport Security (HSTS) Policy Not Enabled CWE-16 CWE-16 Medium InfluxDB Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Insecure crossdomain.xml policy CWE-284 CWE-284 Medium Insecure Transportation Security Protocol Supported (TLS 1.1) CWE-326 CWE-326 Medium Invalid SSL Certificate CWE-298 CWE-298 Medium Java Management Extensions (JMX/RMI) service detected CWE-200 CWE-200 Medium JavaMelody publicly accessible CWE-200 CWE-200 Medium Jenkins open user registration CWE-200 CWE-200 Medium Jetty ConcatServlet Information Disclosure (CVE-2021-28169) CVE-2021-28169 CWE-200 CWE-200 Medium Jetty Information Disclosure (CVE-2021-34429) CVE-2021-34429 CWE-200 CWE-200 Medium Joomla Debug Console enabled CWE-200 CWE-200 Medium Joomla J!Dump extension enabled CWE-200 CWE-200 Medium JSF ViewState client side storage CWE-693 CWE-693 Medium Laravel debug mode enabled CWE-200 CWE-200 Medium Laravel debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Laravel Health Monitor open CWE-200 CWE-200 Medium Laravel Horizon open CWE-200 CWE-200 Medium Laravel LogViewer open CWE-200 CWE-200 Medium Magento Config File Disclosure CWE-200 CWE-200 Medium Memcached Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Misconfigured Access-Control-Allow-Origin Header CWE-942 CWE-942 Medium Mojolicious weak secret key CWE-693 CWE-693 Medium Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185 CWE-1104 CWE-1104 Medium MySQL utf8 4-byte truncation CWE-176 CWE-176 Medium Node.js Running in Development Mode CWE-215 CWE-215 Medium Node.js Web Application does not handle uncaughtException CWE-248 CWE-248 Medium Node.js Web Application does not handle unhandledRejection CWE-248 CWE-248 Medium Open Silverlight Client Access Policy CWE-16 CWE-16 Medium Oracle applications logs publicy available CWE-200 CWE-200 Medium Oracle E-Business Suite Frame Injection (CVE-2017-3528) CVE-2017-3528 CWE-601 CWE-601 Medium Oracle E-Business Suite iStore open user registration CWE-200 CWE-200 Medium Overly long session timeout in servlet configuration CWE-16 CWE-16 Medium PHP enable_dl enabled CWE-470 CWE-470 Medium PHP errors enabled CWE-209 CWE-209 Medium Phpfastcache phpinfo publicly accessible (CVE-2021-37704) CVE-2021-37704 CWE-200 CWE-200 Medium PHP open_basedir is not set CWE-664 CWE-664 Medium PHP register_globals Is Enabled CWE-1108 CWE-1108 Medium PHP session.use_only_cookies Is Disabled CWE-598 CWE-598 Medium PHP session.use_trans_sid enabled CWE-598 CWE-598 Medium Pyramid debug mode CWE-489 CWE-489 Medium Pyramid DebugToolbar enabled CWE-200 CWE-200 Medium Rails application running in development mode CWE-200 CWE-200 Medium Redis Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Ruby on Rails Running in Development Mode CWE-200 CWE-200 Medium Same site scripting CWE-16 CWE-16 Medium SAP ICF /sap/public/info sensitive information disclosure CWE-200 CWE-200 Medium SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure BCB CWE-200 CWE-200 Medium SharePoint exposed web services CWE-200 CWE-200 Medium Spring Boot Actuator CWE-489 CWE-489 Medium Spring Boot Actuator v2 CWE-489 CWE-489 Medium Spring Boot Misconfiguration: Actuator endpoint security disabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Admin MBean enabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Datasource credentials stored in the properties file CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Developer tools enabled on production CWE-16 CWE-16 Medium Spring Boot Misconfiguration: H2 console enabled CWE-16 CWE-16 Medium Spring Boot Misconfiguration: MongoDB credentials stored in the properties file CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Overly long session timeout CWE-16 CWE-16 Medium Spring Boot Misconfiguration: Unsafe value for session tracking CWE-16 CWE-16 Medium Spring Misconfiguration: HTML Escaping disabled CWE-16 CWE-16 Medium SSL Certificate Is About To Expire CWE-298 CWE-298 Medium Struts 2 Config Browser plugin enabled CWE-16 CWE-16 Medium Symfony debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Symfony running in dev mode CWE-16 CWE-16 Medium Symfony web debug toolbar CWE-489 CWE-489 Medium The FREAK attack CVE-2015-0204 CWE-310 CWE-310 Medium The POODLE attack (SSLv3 with CBC cipher suites) CVE-2014-3566 CWE-326 CWE-326 Medium TLS/SSL certificate key size too small CWE-310 CWE-310 Medium TLS/SSL LOGJAM attack CVE-2015-4000 CWE-310 CWE-310 Medium TLS/SSL Sweet32 attack CVE-2016-2183 CVE-2016-6329 CWE-310 CWE-310 Medium TLS/SSL Weak Cipher Suites CWE-310 CWE-310 Medium Tornado debug mode CWE-489 CWE-489 Medium Tornado weak secret key CWE-693 CWE-693 Medium Unauthorized Access to a web app installer CWE-200 CWE-200 Medium Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium Unicode Transformation (Best-Fit Mapping) CWE-176 CWE-176 Medium Unprotected Apache NiFi API interface CWE-287 CWE-287 Medium Unprotected Kong Gateway Admin API interface CWE-287 CWE-287 Medium Unsafe value for session tracking in WEB-INF/web.xml CWE-16 CWE-16 Medium Verb tampering via misconfigured security constraint CWE-16 CWE-16 Medium ViewState MAC Disabled CWE-642 CWE-642 Medium W3 total cache debug mode CWE-489 CWE-489 Medium Web2py weak secret key CWE-693 CWE-693 Medium Webalizer script CWE-538 CWE-538 Medium Web Cache Poisoning DoS CWE-400 CWE-400 Medium Web Cache Poisoning DoS (for javascript) CWE-400 CWE-400 Medium Web Cache Poisoning DoS through HTTP/2 headers CWE-400 CWE-400 Medium WebDAV directory listing CWE-538 CWE-538 Medium WebPageTest Unauthorized Access Vulnerability CWE-200 CWE-200 Medium WordPress allows editing theme/plugin files CWE-16 CWE-16 Medium WordPress configuration file weak file permissions CWE-16 CWE-16 Medium Yii2 debug toolkit CWE-200 CWE-200 Medium Yii2 Gii extension CWE-200 CWE-200 Medium Yii2 weak secret key CWE-693 CWE-693 Medium Yii debug mode enabled CWE-16 CWE-16 Medium Yii running in dev mode CWE-16 CWE-16 Medium [Possible] AWStats Detected CWE-538 CWE-538 Medium [Possible] Password Transmitted over Query String CWE-200 CWE-200 Medium
