Vulnerability Name | CVE, CWE | CWE | Severity
.htaccess File Detected | CWE-443 | CWE-443 | Informational
A2 Optimized WP Information Disclosure (2.0.10.8) | CWE-200 | CWE-200 | High
AccessAlly Information Disclosure (3.5.6) | CVE-2021-24226, CWE-200 | CWE-200 | High
ACF to REST API Information Disclosure (3.2.0) | CVE-2020-13700, CWE-200 | CWE-200 | High
Activity Log Information Disclosure (2.2.12) | CWE-200 | CWE-200 | High
Acumbamail Information Disclosure (1.0.4) | CWE-200 | CWE-200 | High
Adminer 4.6.2 file disclosure vulnerability | CWE-22 | CWE-22 | High
Adobe ColdFusion directory traversal | CVE-2013-3336, CWE-22 | CWE-22 | High
Advanced Contact form 7 DB Information Disclosure (1.1.0) | CWE-200 | CWE-200 | High
Advanced Contact form 7 DB Information Disclosure (1.6.2) | CWE-200 | CWE-200 | High
Advanced Custom Fields (ACF) Information Disclosure (6.0.2) | CVE-2022-40696, CWE-200 | CWE-200 | High
Advanced Custom Fields PRO Information Disclosure (6.0.2) | CVE-2022-40696, CWE-200 | CWE-200 | High
Advanced Woo Search Information Disclosure (1.99) | CVE-2020-12070, CWE-200 | CWE-200 | High
Advanced XML Reader XML External Entity Information Disclosure (0.3.4) | CWE-611 | CWE-611 | High
AlertWire Information Disclosure (1.1.1) | CWE-200 | CWE-200 | High
All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2) | CVE-2022-4346, CWE-200 | CWE-200 | High
All-in-One WP Migration Information Disclosure (7.0) | CWE-200 | CWE-200 | High
All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1) | CVE-2015-0902, CWE-200 | CWE-200 | High
Amazon S3 public bucket | CWE-264 | CWE-264 | Medium
Amazon S3 publicly writable bucket | CWE-264 | CWE-264 | High
Apache 2.x version older than 2.0.48 | CVE-2003-0542, CVE-2003-0789, CWE-119 | CWE-119 | Medium
Apache Axis2 administration console weak password | CWE-200 | CWE-200 | High
Apache Axis2 information disclosure | CWE-200 | CWE-200 | Medium
Apache Axis2 web services enumeration | CWE-200 | CWE-200 | Low
Apache Axis2 xsd local file inclusion | CWE-22 | CWE-22 | High
Apache balancer-manager application publicly accessible | CWE-200 | CWE-200 | Medium
Apache httpOnly cookie disclosure | CVE-2012-0053, CWE-264 | CWE-264 | Medium
Apache mod_negotiation filename bruteforcing | CWE-538 | CWE-538 | Low
Apache OFBiz Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High
Apache perl-status enabled | CWE-200 | CWE-200 | Medium
Apache Server-Info Detected | CWE-200 | CWE-200 | Medium
Apache Server-Status Detected | CWE-200 | CWE-200 | Medium
Apache Solr endpoint | CWE-200 | CWE-200 | Low
Apache Solr Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High
Apache solr service exposed | CWE-200 | CWE-200 | High
Apache stronghold-info enabled | CWE-200 | CWE-200 | Low
Apache stronghold-status enabled | CWE-200 | CWE-200 | Low
Apache Tomcat examples directory vulnerabilities | CWE-264 | CWE-264 | Medium
Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616, CWE-200 | CWE-200 | High
Apache Tomcat sample files | CWE-538 | CWE-538 | Medium
Apache Tomcat version older than 4.1.37 | CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461, CWE-79 | CWE-79 | Medium
Apache Tomcat version older than 5.5.26 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CWE-264 | CWE-264 | Medium
Apache Tomcat version older than 6.0.11 | CVE-2005-2090, CVE-2007-1355, CWE-79 | CWE-79 | Medium
Apache Tomcat version older than 6.0.35 | CVE-2011-3190, CVE-2011-3375, CVE-2012-0022, CWE-264 | CWE-264 | High
Apache Tomcat version older than 7.0.21 | CVE-2011-3190, CWE-264 | CWE-264 | High
apc.php page found | CWE-538 | CWE-538 | Medium
API Sensitive Info(PII) accessible without authentication | CWE-284 | CWE-284 | High
ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92) | CWE-538 | CWE-538 | High
Arbitrary file existence disclosure in Action Pack | CVE-2014-7829, CWE-200 | CWE-200 | Medium
Arbitrary File Read on Nuxt.js Development Server | CWE-200 | CWE-200 | Low
Arbitrary local file read via file upload | CWE-200 | CWE-200 | High
ASP.NET application-level tracing enabled | CWE-215 | CWE-215 | Medium
ASP.NET connection strings stored in plaintext | CWE-16 | CWE-16 | High
ASP.NET Core Development Mode enabled | CWE-200 | CWE-200 | Medium
ASP.NET CustomErrors Is Disabled | CWE-12 | CWE-12 | Medium
ASP.NET debugging enabled | CWE-11 | CWE-11 | Low
ASP.NET diagnostic page | CWE-200 | CWE-200 | Medium
ASP.NET error message | CWE-12 | CWE-12 | Medium
ASP.NET path disclosure | CWE-200 | CWE-200 | Low
ASP.NET viewstate encryption disabled | CWE-16 | CWE-16 | Medium
ASP.NET WCF service include exception details | CWE-16 | CWE-16 | Medium
Aspose Cloud eBook Generator Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High
Aspose DOC Exporter Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High
Aspose Importer & Exporter Arbitrary File Download (2.0) | CWE-22 | CWE-22 | High
Aspose PDF Exporter Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High
Atlassian Confluence Access Restriction Bypass | CVE-2017-9505 | | Medium
Atlassian Confluence information disclosure | CVE-2017-7415 | | High
Atlassian Confluence Stored Cross Site Scripting | CVE-2016-6283 | | Medium
Atlassian Jira Manage Filters information disclosure | CWE-200 | CWE-200 | Low
BackupBuddy Arbitrary File Download (8.7.4.1) | CVE-2022-31474, CWE-22 | CWE-22 | High
BackupBuddy Information Disclosure (2.2.28) | CVE-2013-2743, CVE-2013-2744, CWE-200 | CWE-200 | High
Bazaar repository found | CWE-538 | CWE-538 | High
Be POPIA Compliant Information Disclosure (1.1.5) | CVE-2022-1186, CWE-200 | CWE-200 | High
Better WordPress Minify Arbitrary File Disclosure (1.2.2) | CWE-538 | CWE-538 | High
Bitrix server test script publicly accessible | CWE-200 | CWE-200 | Medium
Breadcrumb NavXT Information Disclosure (6.1.0) | CWE-200 | CWE-200 | High
BuddyPress Information Disclosure (5.1.1) | CVE-2020-5244, CWE-200 | CWE-200 | High
BulletProof Security Information Disclosure (5.1) | CVE-2021-39327, CWE-200 | CWE-200 | High
Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1) | CWE-538 | CWE-538 | High
Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2) | CWE-200 | CWE-200 | High
Candidate Application Form Arbitrary File Disclosure (1.6) | CWE-538 | CWE-538 | High
Candidate Application Form Arbitrary File Download (1.0) | CVE-2015-1000005, CWE-22 | CWE-22 | High
Cart66 Pro Arbitrary File Disclosure (1.5.3) | CVE-2014-9461, CWE-22 | CWE-22 | High
Cherry Services List Information Disclosure (1.4.1) | CWE-200 | CWE-200 | High
Cherry Team Members Information Disclosure (1.4.1) | CWE-200 | CWE-200 | High
Child Theme Configurator Arbitrary File Disclosure (1.7.4) | CWE-538 | CWE-538 | High
Chrome Logger information disclosure | CWE-200 | CWE-200 | Medium
Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) | CWE-22 | CWE-22 | High
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) | CVE-2020-8193, CWE-284 | CWE-284 | Medium
Clockwork PHP dev tool enabled | CWE-200 | CWE-200 | Medium
cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) | CWE-22 | CWE-22 | High
CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) | CWE-538 | CWE-538 | High
CodeIgniter development mode enabled | CWE-16 | CWE-16 | Medium
ColdFusion path disclosures | CWE-200 | CWE-200 | Low
ColdFusion Request Debugging information disclosure | CWE-200 | CWE-200 | Medium
ColdFusion Robust Exception enabled | CWE-200 | CWE-200 | Medium
Composer installed.json publicly accessible | CWE-200 | CWE-200 | Low
Configuration file disclosure | CWE-538 | CWE-538 | High
Configuration file source code disclosure | CWE-538 | CWE-538 | High
Consul API publicly exposed | CWE-200 | CWE-200 | High
Contact Form 7 Database Information Disclosure (1.3) | CWE-200 | CWE-200 | High
Contact Form Email Information Disclosure (1.2.66) | CWE-200 | CWE-200 | High
Core dump checker PHP script | CWE-200 | CWE-200 | Medium
Core dump file | CWE-200 | CWE-200 | High
Correos Woocommerce Arbitrary File Download (1.3.0.0) | CVE-2023-0331, CWE-552 | CWE-552 | High
Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) | CVE-2012-0896, CWE-22, CWE-79 | CWE-22, CWE-79 | High
Count per Day Information Disclosure (3.2.5) | CWE-200 | CWE-200 | High
CP Image Store with Slideshow Arbitrary File Download (1.0.5) | CWE-22 | CWE-22 | High
Crayon Syntax Highlighter Local File Disclosure (2.6.10) | CWE-22 | CWE-22 | High
Credit card number disclosed | CWE-200 | CWE-200 | Medium
Credova_Financial Information Disclosure (1.4.8) | CVE-2021-39342, CWE-200 | CWE-200 | High
Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6) | CVE-2022-0345, CWE-200 | CWE-200 | High
CVS Detected | CWE-527 | CWE-527 | Medium
Delve Debugger Unauthorized Access Vulnerability | CWE-200 | CWE-200 | High
Development configuration files | CWE-538 | CWE-538 | Medium
Devise weak password | CWE-200 | CWE-200 | High
Direct Download for Woocommerce Arbitrary File Download (1.15) | CWE-538 | CWE-538 | High
Directory listings | CWE-538 | CWE-538 | Medium
Django Debug Mode Enabled | CWE-200 | CWE-200 | Medium
Django Debug Toolbar | CWE-200 | CWE-200 | Medium
Documentation files | CWE-538 | CWE-538 | Low
Doneren met Mollie Information Disclosure (2.8.4) | CWE-200 | CWE-200 | High
Dotenv .env file | CWE-538 | CWE-538 | High
Download Monitor Information Disclosure (1.6.3) | CWE-538 | CWE-538 | High
Download Shortcode Arbitrary File Disclosure (0.1) | CWE-22 | CWE-22 | High
Download Zip Attachments Arbitrary File Download (1.0.0) | CVE-2015-4704, CWE-22 | CWE-22 | High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564) | CVE-2021-33564, CWE-20 | CWE-20 | High
Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553, CVE-2012-4554, CWE-264 | CWE-264 | High
Drupal Backup Migrate directory publicly accessible | CWE-538 | CWE-538 | High
Drupal Core 5.x Information Disclosure (5.0 - 5.18) | CVE-2009-2374, CWE-200 | CWE-200 | High
Drupal Core 6.x Information Disclosure (6.0 - 6.30) | CVE-2014-2983, CWE-200 | CWE-200 | High
Drupal Core 7.x Information Disclosure (7.0 - 7.14) | CVE-2012-2922, CWE-200 | CWE-200 | High
Drupal Core 7.x Information Disclosure (7.0 - 7.26) | CVE-2014-2983, CWE-200 | CWE-200 | High
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) | CVE-2020-13670, CWE-200 | CWE-200 | High
Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) | CVE-2020-13670, CWE-200 | CWE-200 | High
Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) | CVE-2020-13670, CWE-200 | CWE-200 | High
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) | CVE-2020-13670, CWE-200 | CWE-200 | High
Drupal Views module information disclosure vulnerability | CWE-200 | CWE-200 | Medium
Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) | CWE-22 | CWE-22 | High
Duplicator-WordPress Migration Arbitrary File Download (1.3.26) | CVE-2020-11738, CWE-538 | CWE-538 | High
DZS Video Gallery Information Disclosure (3.1.3) | CWE-200 | CWE-200 | High
Easy Author Image Information Disclosure (1.5) | CWE-200 | CWE-200 | High
Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) | CWE-22 | CWE-22 | High
Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6) | CWE-200 | CWE-200 | High
Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5357, CVE-2012-5358, CWE-20 | CWE-20 | High
Elasticsearch service accessible | CWE-200 | CWE-200 | High
Elmah.axd / Errorlog.axd Detected | CWE-209 | CWE-209 | High
Email Log Information Disclosure (1.9) | CWE-200 | CWE-200 | High
Email newsletter 'option' Parameter Information Disclosure (8.0) | CWE-200 | CWE-200 | High
Email Subscribers & Newsletters Information Disclosure (3.4.7) | CVE-2018-6015, CWE-200 | CWE-200 | High
Envoy Metadata disclosure | CWE-200 | CWE-200 | Low
Error messages | CWE-209 | CWE-209 | Low
Error page path disclosure | CWE-200 | CWE-200 | Low
Error page web server version disclosure | CWE-200 | CWE-200 | Informational
Eshop Magic Arbitrary File Disclosure (0.1) | CWE-22 | CWE-22 | High
Express running in development mode | CWE-200 | CWE-200 | Medium
F5 BIG-IP Cookie Information Disclosure | CWE-200 | CWE-200 | Low
Fast Velocity Minify Information Disclosure (2.7.6) | CVE-2019-19983, CWE-200 | CWE-200 | High
File Content Disclosure in Action View | CVE-2019-5418, CWE-200 | CWE-200 | High
Filedownload 'download.php' Local File Disclosure (0.1) | CWE-22 | CWE-22 | High
File Manager Information Disclosure (6.4) | CVE-2020-24312, CWE-200 | CWE-200 | High
Find My Blocks Information Disclosure (3.3.2) | CVE-2021-24677, CWE-200 | CWE-200 | High
FireStats Arbitrary File Download (1.6.5) | CWE-538 | CWE-538 | High
Font Awesome Information Disclosure (4.0.0-rc16) | CWE-200 | CWE-200 | High
Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07) | CWE-200 | CWE-200 | High
Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) | CVE-2012-4920, CWE-22 | CWE-22 | High
Frontpage authors.pwd available | CWE-538 | CWE-538 | Medium
FrontPage Identified | CWE-16 | CWE-16 | Low
Full public read access Azure blob storage | CWE-264 | CWE-264 | Medium
Fusion Engage Local File Disclosure (1.0.5) | CWE-22 | CWE-22 | High
Gallery-Flagallery Photo Portfolio Information Disclosure (4.24) | CVE-2014-8491, CWE-200 | CWE-200 | High
Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59) | CWE-22, CWE-89 | CWE-22, CWE-89 | High
Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3) | CWE-538 | CWE-538 | High
Generic Email Address Disclosure | CWE-200 | CWE-200 | Informational
Ghost Arbitrary File Download (0.5.5) | CWE-538 | CWE-538 | High
GIT Detected | CWE-527 | CWE-527 | Medium
Gitlab user disclosure | CWE-200 | CWE-200 | Low
GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2) | CVE-2022-2117, CWE-200 | CWE-200 | High
GlassFish admin console weak credentials | CWE-693 | CWE-693 | High
Global.asa backup file found | CWE-538 | CWE-538 | Medium
Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) | CWE-95, CWE-200 | CWE-95, CWE-200 | High
GlotPress Information Disclosure (2.2.1) | CWE-200 | CWE-200 | High
Gmail SMTP Arbitrary File Disclosure (1.1.0) | CVE-2017-5223, CWE-200 | CWE-200 | High
GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287, CWE-200 | CWE-200 | High
Golang runtime profiling data | CWE-200 | CWE-200 | Medium
Google Doc Embedder Arbitrary File Disclosure (2.4.6) | CVE-2012-4915, CWE-22 | CWE-22 | High
Google Drive for WordPress Information Disclosure (2.2) | CWE-538 | CWE-538 | High
Go web application binary disclosure | CWE-540 | CWE-540 | Medium
Grails database console | CWE-200 | CWE-200 | Medium
GraphiQL Explorer/Playground Enabled | CWE-200 | CWE-200 | Medium
GraphQL Field Suggestions Enabled | CWE-200 | CWE-200 | Medium
GraphQL Introspection Query Enabled | CWE-200 | CWE-200 | Medium
GraphQL Unhandled Error Leakage | CWE-209 | CWE-209 | Medium
Gravity Forms Information Disclosure (2.4.8) | CVE-2020-13764, CWE-200 | CWE-200 | High
Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4) | CWE-538 | CWE-538 | High
HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0) | CWE-538 | CWE-538 | High
Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3) | CWE-538 | CWE-538 | High
Helpful Information Disclosure (4.5.25) | CVE-2022-2834, CWE-200 | CWE-200 | High
History Collection Arbitrary File Download (1.1.1) | CWE-538 | CWE-538 | High
HTML5 MP3 Player with Playlist Free Information Disclosure (2.6) | CVE-2014-9177, CWE-200 | CWE-200 | High
HTML Form found in redirect page | CWE-287 | CWE-287 | Low
IBM Web Content Manager XPath injection | CVE-2013-6735, CWE-264 | CWE-264 | High
IBM WebSphere/WebLogic application source file exposure | CWE-200 | CWE-200 | High
IBM WebSphere administration console weak password | CWE-200 | CWE-200 | High
IBS Mappro Arbitrary File Download (0.6) | CVE-2015-5472, CWE-22 | CWE-22 | High
IIS Path disclosure | CWE-200 | CWE-200 | Low
Image Export Arbitrary File Download (1.1.0) | CVE-2015-5609, CWE-22 | CWE-22 | High
Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7) | CWE-22 | CWE-22 | High
Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74) | CWE-200 | CWE-200 | High
InfluxDB Unauthorized Access Vulnerability | CWE-200 | CWE-200 | Medium
Information Disclosure (Microsoft Office) | CWE-200 | CWE-200 | Low
Insecure transition from HTTPS to HTTP in form post | CWE-200 | CWE-200 | Low
Insecure transition from HTTP to HTTPS in form post | CWE-200 | CWE-200 | Medium
Internet Information Server returns IP address in HTTP header (Content-Location) | CWE-200 | CWE-200 | Low
IP Blacklist Cloud Arbitrary File Disclosure (3.42) | CWE-22 | CWE-22 | High
iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1) | CWE-200 | CWE-200 | High
Javascript Source map detected | CWE-16 | CWE-16 | Informational
JBoss BSHDeployer MBean | CWE-200 | CWE-200 | High
JBoss HttpAdaptor JMXInvokerServlet | CWE-94 | CWE-94 | High
JBoss JMX Console Unrestricted Access | CWE-200 | CWE-200 | High
JBoss JMX management console | CWE-200 | CWE-200 | High
JBoss Seam remoting vulnerabilities | CVE-2013-6447, CVE-2013-6448, CWE-611 | CWE-611 | High
JBoss ServerInfo MBean | CVE-2010-0738, CWE-200 | CWE-200 | High
JBoss Server MBean | CWE-200 | CWE-200 | High
JBoss status servlet information leak | CVE-2010-1429, CWE-200 | CWE-200 | Medium
JBoss Web Console JMX Invoker | CWE-200 | CWE-200 | High
JBoss web service console | CWE-200 | CWE-200 | Low
Jenkins dashboard | CWE-200 | CWE-200 | Medium
Jenkins open people list | CWE-200 | CWE-200 | Low
Jenkins user enumeration | CWE-200 | CWE-200 | Low
Jenkins weak password | CWE-200 | CWE-200 | High
JetBrains .idea project directory | CWE-538 | CWE-538 | Medium
JetLeak vulnerability | CVE-2015-2080, CWE-200 | CWE-200 | High
Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1) | CVE-2021-24374, CWE-200 | CWE-200 | High
Jetty ConcatServlet Information Disclosure (CVE-2021-28169) | CVE-2021-28169, CWE-200 | CWE-200 | Medium
Jetty Information Disclosure (CVE-2021-34429) | CVE-2021-34429, CWE-200 | CWE-200 | Medium
Jigoshop Information Disclosure (1.17.9) | CWE-200 | CWE-200 | High
Jira Unauthorized User Enumeration (CVE-2020-14181) | CVE-2020-14181, CWE-200 | CWE-200 | Medium
Jira Unauthorized User Enumeration via UserPickerBrowser | CWE-200 | CWE-200 | Low
JM Twitter Cards Information Disclosure (6.1) | CWE-200 | CWE-200 | High
Joe Editor DEADJOE file | CWE-538 | CWE-538 | Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) | CVE-2011-4911, CWE-200 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) | CWE-200 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) | CWE-200 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) | CVE-2010-1432, CWE-200 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) | CVE-2011-3629, CWE-200 | CWE-200 | High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) | CVE-2012-1599, CWE-264 | CWE-264 | High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) | CWE-200 | CWE-200 | High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) | CVE-2012-0821, CWE-200 | CWE-200 | High
Joomla! Core 1.7.0 Information Disclosure (1.7.0) | CWE-200 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) | CVE-2011-4937, CWE-200 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) | CVE-2012-0819, CWE-200 | CWE-200 | High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) | CVE-2012-0836, CWE-200 | CWE-200 | High
Joomla! Core 2.5.0 Information Disclosure (2.5.0) | CVE-2012-0835, CWE-200 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) | CVE-2012-1611, CWE-200 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) | CVE-2012-2748, CWE-200 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) | CVE-2013-1453, CWE-200 | CWE-200 | High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) | CVE-2013-3057, CWE-200 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) | CVE-2013-1455, CWE-200 | CWE-200 | High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) | CVE-2013-3057, CWE-200 | CWE-200 | High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) | CVE-2017-14595, CWE-200 | CWE-200 | High
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) | CVE-2020-35614, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) | CVE-2018-11325, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) | CVE-2020-15698, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) | CVE-2018-11327, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) | CVE-2017-8057, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) | CVE-2019-18674, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) | CVE-2017-16633, CWE-200 | CWE-200 | High
Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) | CVE-2019-19845, CWE-200 | CWE-200 | High
Joomla! Core 4.2.0 Information Disclosure (4.2.0) | CVE-2022-27911, CWE-200 | CWE-200 | High
Joomla! Core improper access check in webservice endpoints | CVE-2023-23752, CWE-200 | CWE-200 | Medium
Joomla! Core Information Disclosure (1.5.0 - 3.7.5) | CVE-2017-14596, CWE-200 | CWE-200 | High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1) | CVE-2017-14596, CWE-200 | CWE-200 | High
Joomla! Core Information Disclosure (2.5.0 - 3.9.22) | CVE-2020-35611, CWE-200 | CWE-200 | High
Joomla Debug Console enabled | CWE-200 | CWE-200 | Medium
Joomla J!Dump extension enabled | CWE-200 | CWE-200 | Medium
JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040, CWE-538 | CWE-538 | Medium
JVM version leakage | CWE-200 | CWE-200 | Informational
Laravel log file publicly accessible | CWE-538 | CWE-538 | Medium
Laravel LogViewer open | CWE-200 | CWE-200 | Medium
Laravel Telescope open | CWE-200 | CWE-200 | Medium
Laravel Terminal open | CWE-200 | CWE-200 | High
Log Emails Information Disclosure (1.0.6) | CWE-200 | CWE-200 | High
MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8) | CWE-22 | CWE-22 | High
MAC PHOTO GALLERY Arbitrary File Download (3.0) | CWE-538 | CWE-538 | High
Macromedia Dreamweaver remote database scripts | CVE-2004-1893, CWE-200 | CWE-200 | High
Magento Cacheleak | CWE-200 | CWE-200 | High
Magento Config File Disclosure | CWE-200 | CWE-200 | Medium
Mailing List 'dl.php' Arbitrary File Download (1.4.1) | CWE-22 | CWE-22 | High
MantisBT multiple security issues | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573, CVE-2014-9624, CVE-2015-1042, CWE-200 | CWE-200 | High
MapSVG Lite Arbitrary File Disclosure (4.2.3.1) | CWE-538 | CWE-538 | High
Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0) | CWE-200 | CWE-200 | High
Media Library Assistant Information Disclosure (3.00) | CVE-2022-41618, CWE-200 | CWE-200 | High
MediaWiki multiple remote vulnerabilities | CVE-2012-4377, CVE-2012-4378, CWE-79 | CWE-79 | High
Membership Simplified Arbitrary File Download (1.58) | CVE-2017-1002008, CWE-538 | CWE-538 | High
Memphis Documents Library Arbitrary File Download (3.1.5) | CWE-538 | CWE-538 | High
Mercurial repository found | CWE-538 | CWE-538 | High
MetaSlider Information Disclosure (3.3.1) | CWE-200 | CWE-200 | High
Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3) | CVE-2022-1442, CWE-200 | CWE-200 | High
Microsoft Access Database File Detected | CWE-538 | CWE-538 | Medium
Microsoft Frontpage configuration information | CWE-200 | CWE-200 | Informational
Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815, CWE-264 | CWE-264 | High
Microsoft IIS Server service.cnf file found | CWE-538 | CWE-538 | Low
Microsoft IIS tilde directory enumeration | CWE-20 | CWE-20 | High
Minify arbitrary file disclosure | CVE-2013-6619, CWE-538 | CWE-538 | High
MinIO Information Disclosure (CVE-2023-28432) | CVE-2023-28432, CWE-200 | CWE-200 | High
MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4) | CWE-538 | CWE-538 | High
MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5) | CWE-538 | CWE-538 | High
MongoDB HTTP status interface | CWE-200 | CWE-200 | Medium
MP3-jPlayer Information Disclosure (2.3.2) | CVE-2015-1000008, CWE-200 | CWE-200 | High
MP3-jPlayer Local File Disclosure (2.3) | CWE-538 | CWE-538 | High
Multiple vulnerabilities in Ioncube loader-wizard.php | CWE-552 | CWE-552 | High
Multi Plugin Installer Arbitrary File Disclosure (1.1.0) | CWE-538 | CWE-538 | High
MySQL connection credentials | CWE-538 | CWE-538 | High
MySQL username disclosure | CWE-538 | CWE-538 | Low
NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11) | CVE-2013-0291, CWE-200 | CWE-200 | High
Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180, CWE-399 | CWE-399 | High
nginx range filter integer overflow | CVE-2017-7529, CWE-200 | CWE-200 | Medium
Node.js Running in Development Mode | CWE-215 | CWE-215 | Medium
NodeBB Arbitrary JSON File Read (CVE-2021-43788) | CVE-2021-43788, CWE-22 | CWE-22 | Medium
npm log file publicly accessible (npm-debug.log) | CWE-200 | CWE-200 | Medium
Nuxt.js Running in Development Mode | CWE-200 | CWE-200 | Low
OData feed accessible anonymously | CWE-200 | CWE-200 | Low
Oracle applications logs publicly available | CWE-200 | CWE-200 | Medium
Oracle E-Business Suite Information Disclosure | CWE-200 | CWE-200 | High
Oracle E-Business Suite iStore open user registration | CWE-200 | CWE-200 | Medium
Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827, CWE-22 | CWE-22 | High
Oracle Reports Services RWServlet environment variables disclosure | CWE-200 | CWE-200 | Low
Order Export & Order Import for WooCommerce Information Disclosure (1.0.8) | CWE-200 | CWE-200 | High
Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) | CVE-2012-6511, CVE-2012-6512, CWE-79, CWE-200 | CWE-79, CWE-200 | High
Padding oracle attack | CWE-209 | CWE-209 | High
Page and Post Clone Information Disclosure (1.1) | CWE-200 | CWE-200 | High
Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) | CVE-2008-5752, CWE-22 | CWE-22 | High
Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9) | CWE-538 | CWE-538 | High
Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2) | CWE-200 | CWE-200 | High
Password found in server response | CWE-312 | CWE-312 | Medium
Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381, CWE-22 | CWE-22 | Medium
PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3) | CWE-538 | CWE-538 | High
PHP-CGI remote code execution | CVE-2012-1823, CVE-2012-2311, CWE-20 | CWE-20 | High
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | CWE-200 | CWE-200 | Medium
PHP-FPM Status Page | CWE-200 | CWE-200 | Medium
PHP Console addon enabled | CWE-200 | CWE-200 | Medium
PHP curl_exec() url is controlled by user | CVE-2009-0037, CWE-352 | CWE-352 | Medium
PHP Debug Bar enabled | CWE-200 | CWE-200 | Medium
PHP display_errors Is Enabled | CWE-209 | CWE-209 | Low
Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704, CWE-200 | CWE-200 | Medium
phpinfo() Output Detected | CWE-200 | CWE-200 | Medium
PHPinfo pages | CWE-200 | CWE-200 | Medium
PHP opcache-gui publicly accessible | CWE-200 | CWE-200 | Medium
PHP opcache-status page publicly accessible | CWE-200 | CWE-200 | Medium
PHP Safedir restriction bypass vulnerabilities | CWE-20 | CWE-20 | High
PHP upload arbitrary file disclosure vulnerability | CVE-2000-0860, CWE-538 | CWE-538 | Medium
PHP X Prober publicly accessible | CWE-200 | CWE-200 | Medium
PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0) | CWE-22 | CWE-22 | High
Pike Firewall Information Disclosure (1.4) | CWE-200 | CWE-200 | High
Plugin:Newsletter 'data' Parameter Information Disclosure (1.5) | CVE-2012-3588, CWE-22 | CWE-22 | High
Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11) | CVE-2019-17574, CWE-200 | CWE-200 | High
Possible database backup | CWE-538 | CWE-538 | High
Possible sensitive directories | CWE-200 | CWE-200 | Low
Possible sensitive files | CWE-200 | CWE-200 | Low
Possible SQL Statement in comment | CWE-200 | CWE-200 | Low
Possible username or password disclosure | CWE-200 | CWE-200 | Low
Possible virtual host found | CWE-200 | CWE-200 | Low
Product Input Fields for WooCommerce Arbitrary File Download (1.2.6) | CWE-538 | CWE-538 | High
Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1) | CWE-538 | CWE-538 | High
Profile Builder-User Profile & User Registration Forms Information Disclosure (3.9.0) | CVE-2023-0814, CWE-200 | CWE-200 | High
Programming Error Messages | CWE-209 | CWE-209 | Low
Pyramid DebugToolbar enabled | CWE-200 | CWE-200 | Medium
qdPM Information Disclosure | CWE-260 | CWE-260 | High
Quick Buy For Woocommerce Arbitrary File Disclosure (2.0) | CWE-538 | CWE-538 | High
rack-mini-profiler environment variables disclosure | CWE-287 | CWE-287 | Medium
Rails controller possible sensitive information disclosure | CWE-200 | CWE-200 | Medium
RB Agency Local File Disclosure (2.4.7) | CWE-22 | CWE-22 | High
Reachable SharePoint interface | CWE-200 | CWE-200 | High
Recent Backups Arbitrary File Download (0.7) | CVE-2015-1000006, CWE-22 | CWE-22 | High
RoR Database Configuration File Detected | CWE-538 | CWE-538 | High
RSA Private Key Detected | CWE-200 | CWE-200 | High
Ruby on Rails Running in Development Mode | CWE-200 | CWE-200 | Medium
S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7) | CVE-2015-9464, CWE-22 | CWE-22 | High
Salon booking system Multiple Information Disclosure Vulnerabilities (7.6.2) | CVE-2022-0919, CVE-2022-0920, CWE-200 | CWE-200 | High
SAP ICF /sap/public/info sensitive information disclosure | CWE-200 | CWE-200 | Medium
SAP Management Console get user list | CWE-200 | CWE-200 | High
SAP Management Console list logfiles | CWE-200 | CWE-200 | High
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | CWE-200 | CWE-200 | Medium
SAP NetWeaver server info information disclosure | CWE-200 | CWE-200 | Medium
SAP NetWeaver server info information disclosure BCB | CWE-200 | CWE-200 | Medium
SAP weak/predictable user credentials | CWE-200 | CWE-200 | High
Save Contact Form 7 Information Disclosure (2.0) | CWE-200 | CWE-200 | High
Sell Downloads Arbitrary File Disclosure (1.0.1) | CVE-2014-9511, CWE-538 | CWE-538 | High
Sell Downloads Arbitrary File Disclosure (1.0.17) | CWE-22 | CWE-22 | High
Sensitive Data Exposure | CWE-200 | CWE-200 | Medium
Sensitive pages could be cached | CWE-200 | CWE-200 | Low
Server-based source code disclosures | CWE-538 | CWE-538 | Medium
Service Finder-Provider and Business Listing Local File Disclosure (3.0) | CWE-538 | CWE-538 | High
Session ID in URL | CWE-200 | CWE-200 | Low
Share Drafts Publicly Information Disclosure (1.1.4) | CWE-200 | CWE-200 | High
SharePoint exposed web services | CWE-200 | CWE-200 | Medium
SharePoint user enumeration | CWE-200 | CWE-200 | High
ShareYourCart Information Disclosure (1.6.1) | CVE-2012-4332, CWE-200 | CWE-200 | High
Shopping Cart & eCommerce Store Information Disclosure (2.0.5) | CVE-2014-4942, CWE-200 | CWE-200 | High
Simple Backup Arbitrary File Download (2.7.10) | CWE-538 | CWE-538 | High
Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0) | CWE-22 | CWE-22 | High
Simple File Downloader Cross-Site Scripting (1.0.4) | CVE-2022-4764, CWE-79 | CWE-79 | High
Simple File List Arbitrary File Download (3.2.7) | CVE-2022-1119, CWE-538 | CWE-538 | High
Simple Gmail Login Stack Trace Information Disclosure (1.1.3) | CVE-2012-6313, CWE-200 | CWE-200 | High
Simple History Information Disclosure (1.0.7) | CWE-200 | CWE-200 | High
Simple History Information Disclosure (2.7.4) | CWE-200 | CWE-200 | High
Simple Image Manipulator Arbitrary File Download (1.0) | CVE-2015-1000010, CWE-538 | CWE-538 | High
Simply Static Arbitrary File Download (1.6.2) | CWE-22 | CWE-22 | High
SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4) | CWE-538 | CWE-538 | High
Slack-Chat Information Disclosure (1.5.5) | CVE-2019-14367, CWE-200 | CWE-200 | High
Slideshow Information Disclosure (2.2.21) | CVE-2015-3634, CWE-200 | CWE-200 | High
Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12) |
CWE-79
CWE-200
|
CWE-79
CWE-200
|
High
|
SL User Create Information Disclosure (0.2.4)
|
CWE-200
|
CWE-200
|
High
|
Snoop Servlet information disclosure
|
CWE-200
|
CWE-200
|
Low
|
Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
|
CWE-94
CWE-200
|
CWE-94
CWE-200
|
High
|
Social Network Tabs Information Disclosure (1.7.1)
|
CVE-2018-20555
CWE-200
|
CWE-200
|
High
|
Social Security Number Disclosure
|
CWE-200
|
CWE-200
|
Medium
|
Source code disclosures
|
CWE-538
|
CWE-538
|
Medium
|
Spring Boot Actuator
|
CWE-489
|
CWE-489
|
Medium
|
Spring Boot Actuator v2
|
CWE-489
|
CWE-489
|
Medium
|
SQLite Database File Found
|
CWE-538
|
CWE-538
|
Medium
|
SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)
|
CWE-352
CWE-538
|
CWE-352
CWE-538
|
High
|
SSL Insecure Content Fixer Information Disclosure (2.0.0)
|
CWE-200
|
CWE-200
|
High
|
Stack Trace Disclosure (Apache MyFaces)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (ASP.NET)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (CakePHP)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (CherryPy)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (ColdFusion)
|
CWE-209
|
CWE-209
|
Medium
|
Stack Trace Disclosure (Grails)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (GWT)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (Java)
|
CWE-209
|
CWE-209
|
Medium
|
Stack Trace Disclosure (Laravel)
|
CWE-209
|
CWE-209
|
Medium
|
Stack Trace Disclosure (NodeJS)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (Python)
|
CWE-209
|
CWE-209
|
Medium
|
Stack Trace Disclosure (RoR)
|
CWE-209
|
CWE-209
|
Medium
|
Stack Trace Disclosure (Ruby-Sinatra Framework)
|
CWE-209
|
CWE-209
|
Low
|
Stack Trace Disclosure (Tomcat)
|
CWE-209
|
CWE-209
|
Low
|
Stop User Enumeration Cross-Site Scripting (1.3.7)
|
CWE-79
|
CWE-79
|
High
|
Stop User Enumeration Security Bypass (1.3.18)
|
CWE-264
|
CWE-264
|
High
|
Stop User Enumeration User Enumeration (1.2.4)
|
CWE-203
|
CWE-203
|
High
|
Stop User Enumeration User Enumeration (1.3.4)
|
CWE-203
|
CWE-203
|
High
|
Stop User Enumeration User Enumeration (1.3.8)
|
CWE-203
|
CWE-203
|
High
|
Struts 2 Config Browser plugin enabled
|
CWE-16
|
CWE-16
|
Medium
|
Struts2 Development Mode Enabled
|
CWE-16
|
CWE-16
|
High
|
Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
|
CWE-200
|
CWE-200
|
High
|
Super Refer A Friend Information Disclosure (1.0)
|
CWE-200
|
CWE-200
|
High
|
SVN Detected
|
CWE-538
|
CWE-538
|
High
|
Swim Team Arbitrary File Download (1.44.1077)
|
CVE-2015-5471
CWE-22
|
CWE-22
|
High
|
Symfony databases.yml configuration file
|
CWE-538
|
CWE-538
|
High
|
Symfony debug mode enabled
|
CWE-200
|
CWE-200
|
Low
|
Symfony debug mode enabled (AcuSensor)
|
CWE-16
|
CWE-16
|
Medium
|
Symfony Profiler open
|
CWE-200
|
CWE-200
|
Medium
|
Symfony running in dev mode
|
CWE-16
|
CWE-16
|
Medium
|
Symfony web debug toolbar
|
CWE-489
|
CWE-489
|
Medium
|
Test CGI script leaking environment variables
|
|
|
Medium
|
The Heartbleed Bug
|
CVE-2014-0160
CWE-200
|
CWE-200
|
High
|
Theme Editor Arbitrary File Download (2.5)
|
CVE-2021-24154
CWE-538
|
CWE-538
|
High
|
Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
|
CWE-22
|
CWE-22
|
High
|
Tiki Wiki CMS: Arbitrary Code Execution
|
|
|
High
|
Tiki Wiki CMS: Arbitrary File Download
|
|
|
High
|
Tiki Wiki CMS: Remote Code Execution via Calendar Module
|
|
|
High
|
Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)
|
CVE-2021-24585
CWE-200
|
CWE-200
|
High
|
Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
|
CWE-22
|
CWE-22
|
High
|
Tomcat status page
|
CWE-200
|
CWE-200
|
Low
|
Tornado debug mode
|
CWE-489
|
CWE-489
|
Medium
|
Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)
|
CWE-200
|
CWE-200
|
High
|
Trace.axd Detected
|
CWE-215
|
CWE-215
|
High
|
TRACE/TRACK Method Detected
|
CWE-489
|
CWE-489
|
Low
|
Tracy debugging tool enabled
|
CWE-200
|
CWE-200
|
Medium
|
TRADIES Information Disclosure (2.2.6)
|
CWE-200
|
CWE-200
|
High
|
Typo3 debug mode enabled
|
CWE-200
|
CWE-200
|
Low
|
Typo3 sensitive files
|
CWE-200
|
CWE-200
|
Low
|
Ubiquiti Unifi Log4Shell RCE
|
CVE-2021-44228
CWE-78
|
CWE-78
|
High
|
U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
|
CWE-22
|
CWE-22
|
High
|
U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
|
CWE-22
|
CWE-22
|
High
|
Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)
|
CWE-200
|
CWE-200
|
High
|
Unencrypted __VIEWSTATE parameter
|
CWE-200
|
CWE-200
|
Medium
|
UnGallery Local File Disclosure (1.5.8)
|
CWE-22
|
CWE-22
|
High
|
Unprotected JSON file leaking secrets
|
CWE-200
|
CWE-200
|
Medium
|
Unprotected phpMyAdmin interface
|
CWE-205
|
CWE-205
|
High
|
Unrestricted access to a monitoring system
|
CWE-200
|
CWE-200
|
Low
|
Unrestricted access to Caddy API interface
|
CWE-200
|
CWE-200
|
High
|
Unrestricted access to NGINX+ API interface (read only)
|
CWE-200
|
CWE-200
|
Medium
|
Unrestricted access to NGINX+ API interface (read write)
|
CWE-200
|
CWE-200
|
High
|
Unrestricted access to NGINX+ Dashboard
|
CWE-200
|
CWE-200
|
Medium
|
Unrestricted access to NGINX+ Status module
|
CWE-200
|
CWE-200
|
Low
|
Unrestricted access to NGINX+ Upstream HTTP interface
|
CWE-200
|
CWE-200
|
Medium
|
Unrestricted access to Prometheus
|
CWE-200
|
CWE-200
|
Low
|
Unrestricted access to Prometheus Metrics
|
CWE-200
|
CWE-200
|
Low
|
Unyson Information Disclosure (2.7.18)
|
CWE-200
|
CWE-200
|
High
|
UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)
|
CWE-538
|
CWE-538
|
High
|
User Meta Manager Information Disclosure (3.4.7)
|
CWE-200
|
CWE-200
|
High
|
User Profile Picture Information Disclosure (2.4.0)
|
CVE-2021-24170
CWE-200
|
CWE-200
|
High
|
vBulletin customer number disclosure
|
CVE-2013-6129
CWE-264
|
CWE-264
|
High
|
Version Disclosure (ASP.NET)
|
CWE-200
|
CWE-200
|
Low
|
Version Disclosure (ASP.NET MVC)
|
CWE-200
|
CWE-200
|
Low
|
Version Disclosure (IIS)
|
CWE-200
|
CWE-200
|
Informational
|
Version Disclosure (PHP)
|
|
|
Low
|
Video Conferencing with Zoom Information Disclosure (3.8.16)
|
CVE-2022-0384
CWE-200
|
CWE-200
|
High
|
Video Embed & Thumbnail Generator Information Disclosure (1.1)
|
CVE-2012-1786
CWE-200
|
CWE-200
|
High
|
Virtual host directory listing
|
CWE-538
|
CWE-538
|
Medium
|
Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)
|
CVE-2012-6651
CWE-22
|
CWE-22
|
High
|
VMware Horizon Log4Shell RCE
|
CVE-2021-44228
CWE-78
|
CWE-78
|
High
|
VMware vCenter Log4Shell RCE
|
CVE-2021-44228
CWE-78
|
CWE-78
|
High
|
VMware vCenter vcavbootstrap Arbitrary File Read
|
|
|
High
|
W3 Total Cache Arbitrary File Disclosure (0.9.3)
|
CVE-2019-6715
CWE-538
|
CWE-538
|
High
|
W3 total cache debug mode
|
CWE-489
|
CWE-489
|
Medium
|
W3 Total Cache Information Disclosure (0.9.2.4)
|
CWE-200
|
CWE-200
|
High
|
Weak password
|
CWE-200
|
CWE-200
|
High
|
web.xml configuration file disclosure
|
CWE-538
|
CWE-538
|
High
|
webadmin.php script
|
CWE-552
|
CWE-552
|
High
|
Webalizer script
|
CWE-538
|
CWE-538
|
Medium
|
Web application default/weak credentials
|
CWE-200
|
CWE-200
|
High
|
WebDAV directory listing
|
CWE-538
|
CWE-538
|
Medium
|
WebLogic admin console weak credentials
|
CWE-693
|
CWE-693
|
High
|
Webmail weak password
|
CWE-200
|
CWE-200
|
High
|
WebPageTest Unauthorized Access Vulnerability
|
CWE-200
|
CWE-200
|
Medium
|
WebP Express Arbitrary File Disclosure (0.14.10)
|
CVE-2019-15330
CWE-538
|
CWE-538
|
High
|
Welcart e-Commerce Information Disclosure (2.2.7)
|
CWE-200
|
CWE-200
|
High
|
Wholesale Market Arbitrary File Download (2.2.0)
|
CVE-2022-4298
CWE-552
|
CWE-552
|
High
|
Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)
|
CVE-2022-4106
CWE-552
|
CWE-552
|
High
|
Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
|
CVE-2022-4108
CWE-552
|
CWE-552
|
High
|
Whoops error handler component detected
|
CWE-200
|
CWE-200
|
Low
|
WooCommerce Arbitrary File Download (3.4.5)
|
CWE-538
|
CWE-538
|
High
|
WooCommerce Email Test Information Disclosure (1.5)
|
CWE-200
|
CWE-200
|
High
|
WooCommerce Information Disclosure (4.5.2)
|
CVE-2020-29156
CWE-200
|
CWE-200
|
High
|
WordPress Backup to Dropbox Information Disclosure (4.7.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress database credentials disclosure
|
CWE-538
|
CWE-538
|
Medium
|
WordPress debug mode
|
CWE-200
|
CWE-200
|
High
|
WordPress full path disclosure
|
CWE-200
|
CWE-200
|
Low
|
WordPress Mobile Pack Information Disclosure (2.0.1)
|
CVE-2014-5337
CWE-264
|
CWE-264
|
High
|
WordPress Mobile Pack Information Disclosure (2.1.2)
|
CVE-2015-9269
CWE-200
|
CWE-200
|
High
|
WordPress pingback scanner
|
CVE-2013-0235
CWE-918
|
CWE-918
|
Medium
|
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)
|
CVE-2007-0540
CWE-200
CWE-400
|
CWE-200
CWE-400
|
High
|
WordPress readme.html file
|
CWE-200
|
CWE-200
|
Informational
|
WordPress renaming tool by Vlajo Arbitrary File Download (1.0)
|
CVE-2015-4703
CWE-538
|
CWE-538
|
High
|
WordPress REST API User Enumeration
|
CWE-200
|
CWE-200
|
Low
|
WordPress Social Stream Information Disclosure (1.6)
|
CWE-522
|
CWE-522
|
High
|
WordPress username enumeration
|
CWE-200
|
CWE-200
|
Medium
|
WordPress W3 Total Cache plugin predictable cache filenames
|
CVE-2012-6077
CVE-2012-6078
CVE-2012-6079
CWE-200
|
CWE-200
|
High
|
WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
|
CWE-22
|
CWE-22
|
High
|
wp-FileManager Arbitrary File Disclosure (1.3.0)
|
CWE-22
|
CWE-22
|
High
|
Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)
|
CWE-22
|
CWE-22
|
High
|
WP-Live Chat by 3CX Information Disclosure (8.0.28)
|
CWE-200
|
CWE-200
|
High
|
WP-Mon Arbitrary File Disclosure (0.5.1)
|
CWE-22
|
CWE-22
|
High
|
WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)
|
CWE-200
|
CWE-200
|
High
|
WP-RecentComments Information Disclosure (2.2.7)
|
CVE-2023-23886
CWE-200
|
CWE-200
|
High
|
WP Activity Log Information Disclosure (3.1.1)
|
CVE-2018-8719
CWE-200
|
CWE-200
|
High
|
WP Attachment Export Arbitrary File Download (0.2.3)
|
CWE-538
|
CWE-538
|
High
|
WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)
|
CWE-22
|
CWE-22
|
High
|
WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)
|
CVE-2011-1669
CWE-22
|
CWE-22
|
High
|
WP e-Commerce Shop Styling Arbitrary File Download (2.5)
|
CVE-2015-5468
CWE-22
|
CWE-22
|
High
|
WP Easy full backup Information Disclosure (1.4)
|
CWE-200
|
CWE-200
|
High
|
WPEngine _wpeprivate/config.json information disclosure
|
CWE-200
|
CWE-200
|
High
|
WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)
|
CWE-538
|
CWE-538
|
High
|
WP Import Export Information Disclosure (3.9.15)
|
CVE-2022-0236
CWE-200
|
CWE-200
|
High
|
WP Import Export Lite Information Disclosure (3.9.15)
|
CVE-2022-0236
CWE-200
|
CWE-200
|
High
|
WP Intercom-Slack for WordPress Information Disclosure (1.2.1)
|
CVE-2019-14365
CWE-200
|
CWE-200
|
High
|
WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)
|
CVE-2014-9013
CVE-2014-9014
CWE-22
|
CWE-22
|
High
|
WP Mobile Edition Arbitrary File Disclosure (2.2.7)
|
CWE-22
|
CWE-22
|
High
|
WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)
|
CWE-22
CWE-538
|
CWE-22
CWE-538
|
High
|
WP PHP widget Information Disclosure (1.0.2)
|
CVE-2013-0721
CWE-200
|
CWE-200
|
High
|
WP REST API (WP API) Information Disclosure (1.2)
|
CWE-200
|
CWE-200
|
High
|
WP SlackSync Information Disclosure (1.8.5)
|
CVE-2019-14366
CWE-200
|
CWE-200
|
High
|
wp superb Slideshow Information Disclosure (2.4)
|
CWE-200
|
CWE-200
|
High
|
wptf-image-gallery Arbitrary File Download (1.0.3)
|
CVE-2015-1000007
CWE-538
|
CWE-538
|
High
|
X-Forwarded-For HTTP header security bypass
|
CWE-287
|
CWE-287
|
High
|
XML entity injection
|
CWE-611
|
CWE-611
|
Critical
|
XML external entity injection
|
CWE-611
|
CWE-611
|
Critical
|
XML external entity injection (variant)
|
CWE-611
|
CWE-611
|
Critical
|
XML external entity injection and XML injection
|
CWE-611
|
CWE-611
|
Critical
|
XML External Entity Injection via external file
|
CWE-611
|
CWE-611
|
Critical
|
XML external entity injection via File Upload
|
CWE-611
|
CWE-611
|
Critical
|
YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)
|
CVE-2022-2369
CWE-862
|
CWE-862
|
High
|
Yii2 debug toolkit
|
CWE-200
|
CWE-200
|
Medium
|
Yii debug mode enabled
|
CWE-16
|
CWE-16
|
Medium
|
Yoast SEO Information Disclosure (3.2.4)
|
CWE-200
|
CWE-200
|
High
|
Zabbix Guest Access
|
CWE-200
|
CWE-200
|
Medium
|
Zend framework configuration file information disclosure
|
CWE-538
|
CWE-538
|
High
|
Zend Framework local file disclosure via XXE injection
|
CVE-2012-3363
CVE-2015-5161
CWE-611
|
CWE-611
|
High
|
Zip Attachments Arbitrary File Download (1.4)
|
CVE-2015-4694
CWE-538
|
CWE-538
|
High
|
[Possible] AWStats Detected
|
CWE-538
|
CWE-538
|
Medium
|
[Possible] Backup Folder
|
CWE-538
|
CWE-538
|
Medium
|
[Possible] Backup Source Code Detected
|
CWE-538
|
CWE-538
|
High
|
[Possible] Database Connection String Detected
|
CWE-200
|
CWE-200
|
Medium
|
[Possible] Internal IP Address Disclosure
|
CWE-200
|
CWE-200
|
Low
|
[Possible] Internal Path Disclosure (*nix)
|
CWE-200
|
CWE-200
|
Informational
|
[Possible] Internal Path Disclosure (Windows)
|
CWE-200
|
CWE-200
|
Informational
|
[Possible] Password Transmitted over Query String
|
CWE-200
|
CWE-200
|
Medium
|
[Possible] Sublime SFTP Config File Detected
|
CWE-200
|
CWE-200
|
High
|
[Possible] WS_FTP Log File Detected
|
CWE-538
|
CWE-538
|
Informational
|