Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Apache ActiveMQ default administrative credentials High Apache Airflow default credentials CWE-798 CWE-798 High Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) CVE-2020-13945 CVE-2022-24112 CWE-259 CWE-259 Medium Apache Geronimo default administrative credentials CWE-1392 CWE-1392 High Apache Shiro Deserialization RCE CVE-2016-4437 CWE-78 CWE-78 High Apache Tapestry weak secret key CWE-1391 CWE-1391 High Apache Tomcat insecure default administrative password CVE-2009-3548 CWE-798 CWE-798 High ASP.NET ViewState Weak Validation Key CWE-321 CWE-321 Critical BottlePy weak secret key CWE-1391 CWE-1391 High Cookie signed with weak secret key CWE-1391 CWE-1391 Medium Django weak secret key CWE-1391 CWE-1391 Medium Express cookie-session weak secret key CWE-1391 CWE-1391 Medium Express express-session weak secret key CWE-1391 CWE-1391 Informational Flask weak secret key CWE-1391 CWE-1391 Medium Laravel framework weak secret key CWE-1391 CWE-1391 Medium Mojolicious weak secret key CWE-1391 CWE-1391 Medium Oracle Business Intelligence default administrative credentials High Oracle PeopleSoft SSO weak secret key CWE-1391 CWE-1391 High OSGi Management Console Default Credentials CWE-521 CWE-521 High phpLiteAdmin default password CWE-200 CWE-200 High Play framework weak secret key CWE-1391 CWE-1391 Medium PrimeFaces 5.x Expression Language injection CVE-2017-1000486 High Pyramid framework weak secret key CWE-1391 CWE-1391 Medium RethinkDB administrative interface publicly exposed CWE-200 CWE-200 High Ruby framework weak secret key CWE-1391 CWE-1391 High Ruby on Rails weak/known secret token CVE-2013-0156 CWE-200 CWE-200 High SonarQube default credentials CWE-798 CWE-798 High Tornado weak secret key CWE-1391 CWE-1391 Medium Unrestricted access to Haproxy Data Plane API CWE-200 CWE-200 High Weak Secret is Used to Sign JWT CWE-347 CWE-347 High Web2py weak secret key CWE-1391 CWE-1391 Medium WordPress default administrator account Low Yii2 weak secret key CWE-1391 CWE-1391 Medium