| Vulnerability Name | CVE / CWE | CWE | Severity |
| --- | --- | --- | --- |
| .htaccess File Detected | CWE-443 | CWE-443 | Informational |
| Adminer 4.6.2 file disclosure vulnerability | CWE-22 | CWE-22 | High |
| Adobe ColdFusion directory traversal | CVE-2013-3336, CWE-22 | CWE-22 | High |
| Amazon S3 public bucket | CWE-264 | CWE-264 | Medium |
| Amazon S3 publicly writable bucket | CWE-264 | CWE-264 | High |
| Apache 2.x version older than 2.0.48 | CVE-2003-0542, CVE-2003-0789, CWE-119 | CWE-119 | Medium |
| Apache Axis2 administration console weak password | CWE-200 | CWE-200 | High |
| Apache Axis2 information disclosure | CWE-200 | CWE-200 | Medium |
| Apache Axis2 web services enumeration | CWE-200 | CWE-200 | Low |
| Apache Axis2 xsd local file inclusion | CWE-22 | CWE-22 | High |
| Apache balancer-manager application publicly accessible | CWE-200 | CWE-200 | Medium |
| Apache httpOnly cookie disclosure | CVE-2012-0053, CWE-264 | CWE-264 | Medium |
| Apache mod_negotiation filename bruteforcing | CWE-538 | CWE-538 | Low |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High |
| Apache perl-status enabled | CWE-200 | CWE-200 | Medium |
| Apache Server-Info Detected | CWE-200 | CWE-200 | Medium |
| Apache Server-Status Detected | CWE-200 | CWE-200 | Medium |
| Apache Solr endpoint | CWE-200 | CWE-200 | Low |
| Apache Solr Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High |
| Apache solr service exposed | CWE-200 | CWE-200 | High |
| Apache stronghold-info enabled | CWE-200 | CWE-200 | Low |
| Apache stronghold-status enabled | CWE-200 | CWE-200 | Low |
| Apache Tomcat examples directory vulnerabilities | CWE-264 | CWE-264 | Medium |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616, CWE-200 | CWE-200 | High |
| Apache Tomcat sample files | CWE-538 | CWE-538 | Medium |
| Apache Tomcat version older than 4.1.37 | CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461, CWE-79 | CWE-79 | Medium |
| Apache Tomcat version older than 5.5.26 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CWE-264 | CWE-264 | Medium |
| Apache Tomcat version older than 6.0.11 | CVE-2005-2090, CVE-2007-1355, CWE-79 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.35 | CVE-2011-3190, CVE-2011-3375, CVE-2012-0022, CWE-264 | CWE-264 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190, CWE-264 | CWE-264 | High |
| apc.php page found | CWE-538 | CWE-538 | Medium |
| API Sensitive Info(PII) accessible without authentication | CWE-284 | CWE-284 | High |
| Arbitrary file existence disclosure in Action Pack | CVE-2014-7829, CWE-200 | CWE-200 | Medium |
| Arbitrary File Read on Nuxt.js Development Server | CWE-200 | CWE-200 | Low |
| Arbitrary local file read via file upload | CWE-200 | CWE-200 | High |
| Argo CD Information Disclosure (CVE-2024-37152) | CVE-2024-37152, CWE-287 | CWE-287 | Medium |
| ASP.NET application-level tracing enabled | CWE-215 | CWE-215 | Medium |
| ASP.NET connection strings stored in plaintext | CWE-16 | CWE-16 | High |
| ASP.NET Core Development Mode enabled | CWE-200 | CWE-200 | Medium |
| ASP.NET CustomErrors Is Disabled | CWE-12 | CWE-12 | Medium |
| ASP.NET debugging enabled | CWE-11 | CWE-11 | Low |
| ASP.NET diagnostic page | CWE-200 | CWE-200 | Medium |
| ASP.NET error message | CWE-12 | CWE-12 | Medium |
| ASP.NET path disclosure | CWE-200 | CWE-200 | Low |
| ASP.NET viewstate encryption disabled | CWE-16 | CWE-16 | Medium |
| ASP.NET WCF service include exception details | CWE-16 | CWE-16 | Medium |
| Atlassian Confluence Access Restriction Bypass | CVE-2017-9505 | | Medium |
| Atlassian Confluence information disclosure | CVE-2017-7415 | | High |
| Atlassian Confluence Stored Cross Site Scripting | CVE-2016-6283 | | Medium |
| Atlassian Jira Manage Filters information disclosure | CWE-200 | CWE-200 | Low |
| Bazaar repository found | CWE-538 | CWE-538 | High |
| Bitrix server test script publicly accessible | CWE-200 | CWE-200 | Medium |
| Chrome Logger information disclosure | CWE-200 | CWE-200 | Medium |
| Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) | CVE-2020-8193, CWE-284 | CWE-284 | Medium |
| Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966) | CVE-2023-4966, CWE-119 | CWE-119 | Critical |
| Clockwork PHP dev tool enabled | CWE-200 | CWE-200 | Medium |
| Cloud metadata publicly exposed | CWE-918 | CWE-918 | High |
| CodeIgniter development mode enabled | CWE-16 | CWE-16 | Medium |
| ColdFusion path disclosures | CWE-200 | CWE-200 | Low |
| ColdFusion Request Debugging information disclosure | CWE-200 | CWE-200 | Medium |
| ColdFusion Robust Exception enabled | CWE-200 | CWE-200 | Medium |
| Composer installed.json publicly accessible | CWE-200 | CWE-200 | Low |
| Configuration file disclosure | CWE-538 | CWE-538 | High |
| Configuration file source code disclosure | CWE-538 | CWE-538 | High |
| Consul API publicly exposed | CWE-200 | CWE-200 | High |
| Core dump checker PHP script | CWE-200 | CWE-200 | Medium |
| Core dump file | CWE-200 | CWE-200 | High |
| Credit card number disclosed | CWE-200 | CWE-200 | Medium |
| CVS Detected | CWE-527 | CWE-527 | Medium |
| Delve Debugger Unauthorized Access Vulnerability | CWE-200 | CWE-200 | High |
| Development configuration files | CWE-538 | CWE-538 | Medium |
| Devise weak password | CWE-200 | CWE-200 | High |
| Directory listings | CWE-538 | CWE-538 | Medium |
| Django Debug Mode Enabled | CWE-200 | CWE-200 | Medium |
| Django Debug Toolbar | CWE-200 | CWE-200 | Medium |
| Documentation files | CWE-538 | CWE-538 | Low |
| Dolibarr Information Disclosure (CVE-2023-33568) | CVE-2023-33568, CWE-552 | CWE-552 | High |
| Dotenv .env file | CWE-538 | CWE-538 | High |
| Dragonfly Arbitrary File Read/Write (CVE-2021-33564) | CVE-2021-33564, CWE-20 | CWE-20 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553, CVE-2012-4554, CWE-264 | CWE-264 | High |
| Drupal Backup Migrate directory publicly accessible | CWE-538 | CWE-538 | High |
| Drupal Core 5.x Information Disclosure (5.0 - 5.18) | CVE-2009-2374, CWE-200 | CWE-200 | High |
| Drupal Core 6.x Information Disclosure (6.0 - 6.30) | CVE-2014-2983, CWE-200 | CWE-200 | High |
| Drupal Core 7.x Information Disclosure (7.0 - 7.14) | CVE-2012-2922, CWE-200 | CWE-200 | High |
| Drupal Core 7.x Information Disclosure (7.0 - 7.26) | CVE-2014-2983, CWE-200 | CWE-200 | High |
| Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9) | CVE-2020-13670, CWE-200 | CWE-200 | High |
| Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5) | CVE-2020-13670, CWE-200 | CWE-200 | High |
| Drupal Core 8.x.x Information Disclosure (8.0.0 - 8.7.14) | CVE-2020-13670, CWE-200 | CWE-200 | High |
| Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5) | CVE-2020-13670, CWE-200 | CWE-200 | High |
| Drupal Views module information disclosure vulnerability | CWE-200 | CWE-200 | Medium |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5357, CVE-2012-5358, CWE-20 | CWE-20 | High |
| Elasticsearch service accessible | CWE-200 | CWE-200 | High |
| Elmah.axd / Errorlog.axd Detected | CWE-209 | CWE-209 | High |
| Envoy Metadata disclosure | CWE-200 | CWE-200 | Low |
| Error messages | CWE-209 | CWE-209 | Low |
| Error page path disclosure | CWE-200 | CWE-200 | Low |
| Error page web server version disclosure | CWE-200 | CWE-200 | Informational |
| Express running in development mode | CWE-200 | CWE-200 | Medium |
| F5 BIG-IP Cookie Information Disclosure | CWE-200 | CWE-200 | Low |
| File Content Disclosure in Action View | CVE-2019-5418, CWE-200 | CWE-200 | High |
| Frontpage authors.pwd available | CWE-538 | CWE-538 | Medium |
| FrontPage Identified | CWE-16 | CWE-16 | Low |
| Full public read access Azure blob storage | CWE-264 | CWE-264 | Medium |
| Generic Email Address Disclosure | CWE-200 | CWE-200 | Informational |
| GIT Detected | CWE-527 | CWE-527 | Medium |
| Gitlab user disclosure | CWE-200 | CWE-200 | Low |
| GlassFish admin console weak credentials | CWE-693 | CWE-693 | High |
| Global.asa backup file found | CWE-538 | CWE-538 | Medium |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287, CWE-200 | CWE-200 | High |
| Golang runtime profiling data | CWE-200 | CWE-200 | Medium |
| Go web application binary disclosure | CWE-540 | CWE-540 | Medium |
| Grails database console | CWE-200 | CWE-200 | Medium |
| GraphiQL Explorer/Playground Enabled | CWE-200 | CWE-200 | Medium |
| GraphQL Field Suggestions Enabled | CWE-200 | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | CWE-200 | CWE-200 | Medium |
| GraphQL Unhandled Error Leakage | CWE-209 | CWE-209 | Medium |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463, CWE-200 | CWE-200 | High |
| HTML Form found in redirect page | CWE-287 | CWE-287 | Low |
| IBM Web Content Manager XPath injection | CVE-2013-6735, CWE-264 | CWE-264 | High |
| IBM WebSphere/WebLogic application source file exposure | CWE-200 | CWE-200 | High |
| IBM WebSphere administration console weak password | CWE-200 | CWE-200 | High |
| IIS Path disclosure | CWE-200 | CWE-200 | Low |
| InfluxDB Unauthorized Access Vulnerability | CWE-200 | CWE-200 | Medium |
| Insecure transition from HTTPS to HTTP in form post | CWE-200 | CWE-200 | Low |
| Insecure transition from HTTP to HTTPS in form post | CWE-200 | CWE-200 | Medium |
| Internet Information Server returns IP address in HTTP header (Content-Location) | CWE-200 | CWE-200 | Low |
| Javascript Source map detected | CWE-16 | CWE-16 | Informational |
| JBoss BSHDeployer MBean | CWE-200 | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | CWE-94 | CWE-94 | High |
| JBoss JMX Console Unrestricted Access | CWE-200 | CWE-200 | High |
| JBoss JMX management console | CWE-200 | CWE-200 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6447, CVE-2013-6448, CWE-611 | CWE-611 | High |
| JBoss ServerInfo MBean | CVE-2010-0738, CWE-200 | CWE-200 | High |
| JBoss Server MBean | CWE-200 | CWE-200 | High |
| JBoss status servlet information leak | CVE-2010-1429, CWE-200 | CWE-200 | Medium |
| JBoss Web Console JMX Invoker | CWE-200 | CWE-200 | High |
| JBoss web service console | CWE-200 | CWE-200 | Low |
| Jenkins dashboard | CWE-200 | CWE-200 | Medium |
| Jenkins open people list | CWE-200 | CWE-200 | Low |
| Jenkins user enumeration | CWE-200 | CWE-200 | Low |
| Jenkins weak password | CWE-200 | CWE-200 | High |
| JetBrains .idea project directory | CWE-538 | CWE-538 | Medium |
| JetLeak vulnerability | CVE-2015-2080, CWE-200 | CWE-200 | High |
| Jetty ConcatServlet Information Disclosure (CVE-2021-28169) | CVE-2021-28169, CWE-200 | CWE-200 | Medium |
| Jetty Information Disclosure (CVE-2021-34429) | CVE-2021-34429, CVE-2021-28164, CWE-200 | CWE-200 | Medium |
| Jira QueryComponent Information Disclosure (CVE-2020-14179) | CVE-2020-14179, CWE-288 | CWE-288 | Medium |
| Jira Unauthorized User Enumeration (CVE-2020-14181) | CVE-2020-14181, CWE-200 | CWE-200 | Medium |
| Jira Unauthorized User Enumeration via UserPickerBrowser | CWE-200 | CWE-200 | Low |
| Joe Editor DEADJOE file | CWE-538 | CWE-538 | Low |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) | CVE-2011-4911, CWE-200 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) | CWE-200 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) | CWE-200 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) | CVE-2010-1432, CWE-200 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) | CVE-2011-3629, CWE-200 | CWE-200 | High |
| Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) | CVE-2012-1599, CWE-264 | CWE-264 | High |
| Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) | CWE-200 | CWE-200 | High |
| Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) | CVE-2012-0821, CWE-200 | CWE-200 | High |
| Joomla! Core 1.7.0 Information Disclosure (1.7.0) | CWE-200 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) | CVE-2011-4937, CWE-200 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) | CVE-2012-0819, CWE-200 | CWE-200 | High |
| Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) | CVE-2012-0836, CWE-200 | CWE-200 | High |
| Joomla! Core 2.5.0 Information Disclosure (2.5.0) | CVE-2012-0835, CWE-200 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) | CVE-2012-1611, CWE-200 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) | CVE-2012-2748, CWE-200 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) | CVE-2013-1453, CWE-200 | CWE-200 | High |
| Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) | CVE-2013-3057, CWE-200 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) | CVE-2013-1455, CWE-200 | CWE-200 | High |
| Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) | CVE-2013-3057, CWE-200 | CWE-200 | High |
| Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5) | CVE-2017-14595, CWE-200 | CWE-200 | High |
| Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22) | CVE-2020-35614, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7) | CVE-2018-11325, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19) | CVE-2020-15698, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7) | CVE-2018-11327, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5) | CVE-2017-8057, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12) | CVE-2019-18674, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1) | CVE-2017-16633, CWE-200 | CWE-200 | High |
| Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13) | CVE-2019-19845, CWE-200 | CWE-200 | High |
| Joomla! Core 4.2.0 Information Disclosure (4.2.0) | CVE-2022-27911, CWE-200 | CWE-200 | High |
| Joomla! Core improper access check in webservice endpoints | CVE-2023-23752, CWE-200 | CWE-200 | Medium |
| Joomla! Core Information Disclosure (1.5.0 - 3.7.5) | CVE-2017-14596, CWE-200 | CWE-200 | High |
| Joomla! Core Information Disclosure (1.5.0 - 3.8.1) | CVE-2017-14596, CWE-200 | CWE-200 | High |
| Joomla! Core Information Disclosure (2.5.0 - 3.9.22) | CVE-2020-35611, CWE-200 | CWE-200 | High |
| Joomla Debug Console enabled | CWE-200 | CWE-200 | Medium |
| Joomla J!Dump extension enabled | CWE-200 | CWE-200 | Medium |
| JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040, CWE-538 | CWE-538 | Medium |
| JVM version leakage | CWE-200 | CWE-200 | Informational |
| KeyCloak Information Disclosure (CVE-2020-27838) | CVE-2020-27838, CWE-287 | CWE-287 | Medium |
| Laravel log file publicly accessible | CWE-538 | CWE-538 | Medium |
| Laravel LogViewer open | CWE-200 | CWE-200 | Medium |
| Laravel Telescope open | CWE-200 | CWE-200 | Medium |
| Laravel Terminal open | CWE-200 | CWE-200 | High |
| Lucee Stacktrace Information Disclosure | CWE-200 | CWE-200 | Medium |
| Macromedia Dreamweaver remote database scripts | CVE-2004-1893, CWE-200 | CWE-200 | High |
| Magento Cacheleak | CWE-200 | CWE-200 | High |
| Magento Config File Disclosure | CWE-200 | CWE-200 | Medium |
| MantisBT multiple security issues | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573, CVE-2014-9624, CVE-2015-1042, CWE-200 | CWE-200 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4377, CVE-2012-4378, CWE-79 | CWE-79 | High |
| Mercurial repository found | CWE-538 | CWE-538 | High |
| Microsoft Access Database File Detected | CWE-538 | CWE-538 | Medium |
| Microsoft Frontpage configuration information | CWE-200 | CWE-200 | Informational |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815, CWE-264 | CWE-264 | High |
| Microsoft IIS Server service.cnf file found | CWE-538 | CWE-538 | Low |
| Microsoft IIS tilde directory enumeration | CWE-20 | CWE-20 | Low |
| Minify arbitrary file disclosure | CVE-2013-6619, CWE-538 | CWE-538 | High |
| MinIO Information Disclosure (CVE-2023-28432) | CVE-2023-28432, CWE-200 | CWE-200 | High |
| MongoDB HTTP status interface | CWE-200 | CWE-200 | Medium |
| Multiple vulnerabilities in Ioncube loader-wizard.php | CWE-552 | CWE-552 | High |
| MySQL connection credentials | CWE-538 | CWE-538 | High |
| MySQL username disclosure | CWE-538 | CWE-538 | Low |
| Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180, CWE-399 | CWE-399 | High |
| nginx range filter integer overflow | CVE-2017-7529, CWE-200 | CWE-200 | Medium |
| Node.js Running in Development Mode | CWE-215 | CWE-215 | Medium |
| NodeBB Arbitrary JSON File Read (CVE-2021-43788) | CVE-2021-43788, CWE-22 | CWE-22 | Medium |
| npm log file publicly accessible (npm-debug.log) | CWE-200 | CWE-200 | Medium |
| Nuxt.js Running in Development Mode | CWE-200 | CWE-200 | Low |
| OData feed accessible anonymously | CWE-200 | CWE-200 | Low |
| Oracle applications logs publicly available | CWE-200 | CWE-200 | Medium |
| Oracle E-Business Suite Information Disclosure | CWE-200 | CWE-200 | High |
| Oracle E-Business Suite iStore open user registration | CVE-2022-21500, CWE-200 | CWE-200 | Medium |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827, CWE-22 | CWE-22 | High |
| Oracle Reports Services RWServlet environment variables disclosure | CWE-200 | CWE-200 | Low |
| OwnCloud phpinfo Information Disclosure (CVE-2023-49103) | CVE-2023-49103, CWE-200 | CWE-200 | Critical |
| Padding oracle attack | CWE-209 | CWE-209 | High |
| Password found in server response | CWE-312 | CWE-312 | Medium |
| Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381, CWE-22 | CWE-22 | Medium |
| PHP-CGI remote code execution | CVE-2012-1823, CVE-2012-2311, CWE-20 | CWE-20 | High |
| PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | CWE-200 | CWE-200 | Medium |
| PHP-FPM Status Page | CWE-200 | CWE-200 | Medium |
| PHP Console addon enabled | CWE-200 | CWE-200 | Medium |
| PHP curl_exec() url is controlled by user | CVE-2009-0037, CWE-352 | CWE-352 | Medium |
| PHP Debug Bar enabled | CWE-200 | CWE-200 | Medium |
| PHP display_errors Is Enabled | CWE-209 | CWE-209 | Low |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704, CWE-200 | CWE-200 | Medium |
| PHPinfo pages | CWE-200 | CWE-200 | Medium |
| PHP opcache-gui publicly accessible | CWE-200 | CWE-200 | Medium |
| PHP opcache-status page publicly accessible | CWE-200 | CWE-200 | Medium |
| PHP Safedir restriction bypass vulnerabilities | CWE-20 | CWE-20 | High |
| PHP upload arbitrary file disclosure vulnerability | CVE-2000-0860, CWE-538 | CWE-538 | Medium |
| PHP X Prober publicly accessible | CWE-200 | CWE-200 | Medium |
| Possible database backup | CWE-538 | CWE-538 | High |
| Possible sensitive directories | CWE-200 | CWE-200 | Low |
| Possible sensitive files | CWE-200 | CWE-200 | Low |
| Possible SQL Statement in comment | CWE-200 | CWE-200 | Low |
| Possible username or password disclosure | CWE-200 | CWE-200 | Low |
| Possible virtual host found | CWE-200 | CWE-200 | Low |
| Programming Error Messages | CWE-209 | CWE-209 | Low |
| Pyramid DebugToolbar enabled | CWE-200 | CWE-200 | Medium |
| qdPM Information Disclosure | CWE-260 | CWE-260 | High |
| rack-mini-profiler environment variables disclosure | CWE-287 | CWE-287 | Medium |
| Rails controller possible sensitive information disclosure | CWE-200 | CWE-200 | Medium |
| Reachable SharePoint interface | CWE-200 | CWE-200 | High |
| RoR Database Configuration File Detected | CWE-538 | CWE-538 | High |
| RSA Private Key Detected | CWE-200 | CWE-200 | High |
| Ruby on Rails Running in Development Mode | CWE-200 | CWE-200 | Medium |
| SAP ICF /sap/public/info sensitive information disclosure | CWE-200 | CWE-200 | Medium |
| SAP Management Console get user list | CWE-200 | CWE-200 | High |
| SAP Management Console list logfiles | CWE-200 | CWE-200 | High |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | CWE-200 | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure | CWE-200 | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | CWE-200 | CWE-200 | Medium |
| SAP weak/predictable user credentials | CWE-200 | CWE-200 | High |
| Sensitive Data Exposure | CWE-200 | CWE-200 | Medium |
| Sensitive pages could be cached | CWE-200 | CWE-200 | Low |
| Server-based source code disclosures | CWE-538 | CWE-538 | Medium |
| Session ID in URL | CWE-200 | CWE-200 | Low |
| SharePoint exposed web services | CWE-200 | CWE-200 | Medium |
| SharePoint user enumeration | CWE-200 | CWE-200 | High |
| Snoop Servlet information disclosure | CWE-200 | CWE-200 | Low |
| Social Security Number Disclosure | CWE-200 | CWE-200 | Medium |
| Source code disclosures | CWE-538 | CWE-538 | Medium |
| Spring Boot Actuator | CWE-489 | CWE-489 | Medium |
| Spring Boot Actuator v2 | CWE-489 | CWE-489 | Medium |
| SQLite Database File Found | CWE-538 | CWE-538 | Medium |
| Stack Trace Disclosure (Apache MyFaces) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (ASP.NET) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (CakePHP) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (CherryPy) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (ColdFusion) | CWE-209 | CWE-209 | Medium |
| Stack Trace Disclosure (Grails) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (GWT) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (Java) | CWE-209 | CWE-209 | Medium |
| Stack Trace Disclosure (Laravel) | CWE-209 | CWE-209 | Medium |
| Stack Trace Disclosure (NodeJS) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (Python) | CWE-209 | CWE-209 | Medium |
| Stack Trace Disclosure (RoR) | CWE-209 | CWE-209 | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | CWE-209 | CWE-209 | Low |
| Stack Trace Disclosure (Tomcat) | CWE-209 | CWE-209 | Low |
| Struts 2 Config Browser plugin enabled | CWE-16 | CWE-16 | Medium |
| Struts2 Development Mode Enabled | CWE-16 | CWE-16 | High |
| SVN Detected | CWE-538 | CWE-538 | High |
| Symfony databases.yml configuration file | CWE-538 | CWE-538 | High |
| Symfony debug mode enabled | CWE-200 | CWE-200 | Low |
| Symfony debug mode enabled (AcuSensor) | CWE-16 | CWE-16 | Medium |
| Symfony Profiler open | CWE-200 | CWE-200 | Medium |
| Symfony running in dev mode | CWE-16 | CWE-16 | Medium |
| Symfony web debug toolbar | CWE-489 | CWE-489 | Medium |
| Test CGI script leaking environment variables | | | Medium |
| TestRail Information Disclosure (CVE-2021-40875) | CVE-2021-40875, CWE-425 | CWE-425 | Medium |
| The Heartbleed Bug | CVE-2014-0160, CWE-200 | CWE-200 | High |
| Tiki Wiki CMS: Arbitrary Code Execution | | | High |
| Tiki Wiki CMS: Arbitrary File Download | | | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | | | High |
| Tomcat status page | CWE-200 | CWE-200 | Low |
| TorchServe Management API publicly exposed | CWE-200 | CWE-200 | High |
| Tornado debug mode | CWE-489 | CWE-489 | Medium |
| Trace.axd Detected | CWE-215 | CWE-215 | High |
| TRACE/TRACK Method Detected | CWE-489 | CWE-489 | Low |
| Tracy debugging tool enabled | CWE-200 | CWE-200 | Medium |
| Typo3 debug mode enabled | CWE-200 | CWE-200 | Low |
| Typo3 sensitive files | CWE-200 | CWE-200 | Low |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High |
| Unencrypted __VIEWSTATE parameter | CWE-200 | CWE-200 | Medium |
| Unprotected JSON file leaking secrets | CWE-200 | CWE-200 | Medium |
| Unprotected phpMyAdmin interface | CWE-205 | CWE-205 | High |
| Unrestricted access to a monitoring system | CWE-200 | CWE-200 | Low |
| Unrestricted access to Caddy API interface | CWE-200 | CWE-200 | High |
| Unrestricted access to NGINX+ API interface (read only) | CWE-200 | CWE-200 | Medium |
| Unrestricted access to NGINX+ API interface (read write) | CWE-200 | CWE-200 | High |
| Unrestricted access to NGINX+ Dashboard | CWE-200 | CWE-200 | Medium |
| Unrestricted access to NGINX+ Status module | CWE-200 | CWE-200 | Low |
| Unrestricted access to NGINX+ Upstream HTTP interface | CWE-200 | CWE-200 | Medium |
| Unrestricted access to Prometheus | CWE-200 | CWE-200 | Low |
| Unrestricted access to Prometheus Metrics | CWE-200 | CWE-200 | Low |
| vBulletin customer number disclosure | CVE-2013-6129, CWE-264 | CWE-264 | High |
| Version Disclosure (ASP.NET) | CWE-200 | CWE-200 | Low |
| Version Disclosure (ASP.NET MVC) | CWE-200 | CWE-200 | Low |
| Version Disclosure (IIS) | CWE-200 | CWE-200 | Informational |
| Version Disclosure (PHP) | | | Low |
| Virtual host directory listing | CWE-538 | CWE-538 | Medium |
| VMware Horizon Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228, CWE-78 | CWE-78 | High |
| VMware vCenter vcavbootstrap Arbitrary File Read | | | High |
| W3 total cache debug mode | CWE-489 | CWE-489 | Medium |
| Weak password | CWE-200 | CWE-200 | High |
| web.xml configuration file disclosure | CWE-538 | CWE-538 | High |
| webadmin.php script | CWE-552 | CWE-552 | High |
| Webalizer script | CWE-538 | CWE-538 | Medium |
| Web application default/weak credentials | CWE-200 | CWE-200 | High |
| WebDAV directory listing | CWE-538 | CWE-538 | Medium |
| WebLogic admin console weak credentials | CWE-693 | CWE-693 | High |
| Webmail weak password | CWE-200 | CWE-200 | High |
| WebPageTest Unauthorized Access Vulnerability | CWE-200 | CWE-200 | Medium |
| Whoops error handler component detected | CWE-200 | CWE-200 | Low |
| WordPress database credentials disclosure | CWE-538 | CWE-538 | Medium |
| WordPress debug mode | CWE-200 | CWE-200 | High |
| WordPress full path disclosure | CWE-200 | CWE-200 | Low |
| WordPress pingback scanner | CVE-2013-0235, CWE-918 | CWE-918 | Medium |
| WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) | CVE-2007-0540, CWE-200, CWE-400 | CWE-200, CWE-400 | High |
| WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8) | CWE-200 | CWE-200 | High |
| WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25) | CVE-2024-35171, CWE-200 | CWE-200 | High |
| WordPress Plugin AccessAlly Information Disclosure (3.5.6) | CVE-2021-24226, CWE-200 | CWE-200 | High |
| WordPress Plugin ACF to REST API Information Disclosure (3.2.0) | CVE-2020-13700, CWE-200 | CWE-200 | High |
| WordPress Plugin Activity Log Information Disclosure (2.2.12) | CWE-200 | CWE-200 | High |
| WordPress Plugin Acumbamail Information Disclosure (1.0.4) | CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0) | CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2) | CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2) | CVE-2022-40696, CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2) | CVE-2022-40696, CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced File Manager Information Disclosure (5.2.4) | CVE-2024-5598, CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced Woo Search Information Disclosure (1.99) | CVE-2020-12070, CWE-200 | CWE-200 | High |
| WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) | CWE-611 | CWE-611 | High |
| WordPress Plugin AI ChatBot Information Disclosure (4.8.9) | CVE-2023-5254, CWE-200 | CWE-200 | High |
| WordPress Plugin AlertWire Information Disclosure (1.1.1) | CWE-200 | CWE-200 | High |
| WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2) | CVE-2022-4346, CWE-200 | CWE-200 | High |
| WordPress Plugin All-in-One WP Migration Information Disclosure (7.0) | CWE-200 | CWE-200 | High |
| WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1) | CVE-2015-0902, CWE-200 | CWE-200 | High |
| WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92) | CWE-538 | CWE-538 | High |
| WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1) | CVE-2022-31474, CWE-22 | CWE-22 | High |
| WordPress Plugin BackupBuddy Information Disclosure (2.2.28) | CVE-2013-2743, CVE-2013-2744, CWE-200 | CWE-200 | High |
| WordPress Plugin Backup Migration Arbitrary File Download (1.3.6) | CVE-2023-6266, CWE-200 | CWE-200 | High |
| WordPress Plugin Backup Migration Information Disclosure (1.2.8) | CWE-200 | CWE-200 | High |
| WordPress Plugin Backup Migration Information Disclosure (1.3.5) | CVE-2023-6271, CWE-200 | CWE-200 | High |
| WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5) | CVE-2022-1186, CWE-200 | CWE-200 | High |
| WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) | CWE-538 | CWE-538 | High |
| WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0) | CWE-200 | CWE-200 | High |
| WordPress Plugin BuddyPress Information Disclosure (5.1.1) | CVE-2020-5244, CWE-200 | CWE-200 | High |
| WordPress Plugin BulletProof Security Information Disclosure (5.1) | CVE-2021-39327, CWE-200 | CWE-200 | High |
| WordPress Plugin Caldera Forms-More Than Contact Forms Arbitrary File Disclosure (1.8.1) | CWE-538 | CWE-538 | High |
| WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2) | CWE-200 | CWE-200 | High |
| WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6) | CWE-538 | CWE-538 | High |
| WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) | CVE-2015-1000005, CWE-22 | CWE-22 | High |
| WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) | CVE-2014-9461, CWE-22 | CWE-22 | High |
| WordPress Plugin Cherry Services List Information Disclosure (1.4.1) | CWE-200 | CWE-200 | High |
| WordPress Plugin Cherry Team Members Information Disclosure (1.4.1) | CWE-200 | CWE-200 | High |
| WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4) | CWE-538 | CWE-538 | High |
| WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) | CWE-22 | CWE-22 | High |
| WordPress Plugin Clone Information Disclosure (2.4.2) | CVE-2023-6750, CWE-200 | CWE-200 | High |
| WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46) | CWE-22 | CWE-22 | High |
| WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) | CWE-538 | CWE-538 | High |
| WordPress Plugin Contact Form 7 Database Information Disclosure (1.3) | CWE-200 | CWE-200 | High |
| WordPress Plugin Contact Form Email Information Disclosure (1.2.66) | CWE-200 | CWE-200 | High |
| WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0) | CVE-2023-0331, CWE-552 | CWE-552 | High |
| WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1) | CVE-2012-0896, CWE-22, CWE-79 | CWE-22, CWE-79 | High |
| WordPress Plugin Count per Day Information Disclosure (3.2.5) | CWE-200 | CWE-200 | High |
| WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5) | CWE-22 | CWE-22 | High |
| WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10) | CWE-22 | CWE-22 | High |
| WordPress Plugin Credova_Financial Information Disclosure (1.4.8) | CVE-2021-39342, CWE-200 | CWE-200 | High |
| WordPress Plugin Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6) | CVE-2022-0345, CWE-200 | CWE-200 | High |
| WordPress Plugin Debug Log Manager Information Disclosure (2.2.2) | CVE-2023-6383, CWE-200 | CWE-200 | High |
| WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15) | CWE-538 | CWE-538 | High |
| WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4) | CWE-200 | CWE-200 | High |
| WordPress Plugin Download Monitor Information Disclosure (1.6.3) | CWE-538 | CWE-538 | High |
| WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1) | CWE-22 | CWE-22 | High |
| WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) | CVE-2015-4704, CWE-22 | CWE-22 | High |
| WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26) | CVE-2020-11738, CWE-538 | CWE-538 | High |
| WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3) | CWE-200 | CWE-200 | High |
| WordPress Plugin Easy Author Image Information Disclosure (1.5) | CWE-200 | CWE-200 | High |
| WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) | CWE-22 | CWE-22 | High |
| WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6) | CWE-200 | CWE-200 | High |
| WordPress Plugin Email Log Information Disclosure (1.9) | CWE-200 | CWE-200 | High |
| WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0) | CWE-200 | CWE-200 | High |
| WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Information Disclosure (3.4.7) | CVE-2018-6015, CWE-200 | CWE-200 | High |
| WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1) | CWE-22 | CWE-22 | High |
| WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6) | CVE-2019-19983, CWE-200 | CWE-200 | High |
| WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1) | CWE-22 | CWE-22 | High |
| WordPress Plugin File Manager Information Disclosure (6.4) | CVE-2020-24312, CWE-200 | CWE-200 | High |
| WordPress Plugin Find My Blocks Information Disclosure (3.3.2) | CVE-2021-24677, CWE-200 | CWE-200 | High |
| WordPress Plugin FireStats Arbitrary File Download (1.6.5) | CWE-538 | CWE-538 | High |
| WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16) | CWE-200 | CWE-200 | High |
| WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07) | CWE-200 | CWE-200 | High |
| WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3) | CVE-2012-4920, CWE-22 | CWE-22 | High |
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)
|
CVE-2014-8491
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59)
|
CWE-22
CWE-89
|
CWE-22
CWE-89
|
High
|
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Ghost Arbitrary File Download (0.5.5)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)
|
CVE-2022-2117
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
|
CWE-95
CWE-200
|
CWE-95
CWE-200
|
High
|
WordPress Plugin GlotPress Information Disclosure (2.2.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)
|
CVE-2017-5223
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)
|
CVE-2012-4915
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Gravity Forms Information Disclosure (2.4.8)
|
CVE-2020-13764
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Arbitrary File Disclosure (2.0.9.4)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Helpful Information Disclosure (4.5.25)
|
CVE-2022-2834
CWE-200
|
CWE-200
|
High
|
WordPress Plugin History Collection Arbitrary File Download (1.1.1)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)
|
CVE-2014-9177
CWE-200
|
CWE-200
|
High
|
WordPress Plugin IBS Mappro Arbitrary File Download (0.6)
|
CVE-2015-5472
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Image Export Arbitrary File Download (1.1.0)
|
CVE-2015-5609
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1)
|
CVE-2021-24374
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Jigoshop Information Disclosure (1.17.9)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2)
|
CVE-2024-1208
CVE-2024-1209
CVE-2024-1210
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Log Emails Information Disclosure (1.0.6)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10)
|
CVE-2024-2106
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Media Library Assistant Information Disclosure (3.00)
|
CVE-2022-41618
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Membership Simplified Arbitrary File Download (1.58)
|
CVE-2017-1002008
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin MetaSlider Information Disclosure (3.3.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)
|
CVE-2022-1442
CWE-200
|
CWE-200
|
High
|
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)
|
CVE-2015-1000008
CWE-200
|
CWE-200
|
High
|
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)
|
CVE-2013-0291
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)
|
CVE-2012-6511
CVE-2012-6512
CWE-79
CWE-200
|
CWE-79
CWE-200
|
High
|
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)
|
CVE-2008-5752
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Pike Firewall Information Disclosure (1.4)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)
|
CVE-2012-3588
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)
|
CVE-2019-17574
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin RB Agency Local File Disclosure (2.4.7)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Recent Backups Arbitrary File Download (0.7)
|
CVE-2015-1000006
CWE-22
|
CWE-22
|
High
|
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)
|
CVE-2015-9464
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)
|
CVE-2022-0919
CVE-2022-0920
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)
|
CVE-2014-9511
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin ShareYourCart Information Disclosure (1.6.1)
|
CVE-2012-4332
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)
|
CVE-2014-4942
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)
|
CVE-2022-4764
CWE-79
|
CWE-79
|
High
|
WordPress Plugin Simple File List Arbitrary File Download (3.2.7)
|
CVE-2022-1119
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)
|
CVE-2012-6313
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Simple History Information Disclosure (1.0.7)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Simple History Information Disclosure (2.7.4)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)
|
CVE-2015-1000010
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)
|
CVE-2024-37881
CWE-201
|
CWE-201
|
High
|
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Slack-Chat Information Disclosure (1.5.5)
|
CVE-2019-14367
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Slideshow Information Disclosure (2.2.21)
|
CVE-2015-3634
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)
|
CWE-79
CWE-200
|
CWE-79
CWE-200
|
High
|
WordPress Plugin SL User Create Information Disclosure (0.2.4)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
|
CWE-94
CWE-200
|
CWE-94
CWE-200
|
High
|
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)
|
CVE-2018-20555
CWE-200
|
CWE-200
|
High
|
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)
|
CWE-352
CWE-538
|
CWE-352
CWE-538
|
High
|
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)
|
CVE-2017-18536
CWE-79
|
CWE-79
|
High
|
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)
|
CWE-264
|
CWE-264
|
High
|
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)
|
CWE-203
|
CWE-203
|
High
|
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)
|
CWE-203
|
CWE-203
|
High
|
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)
|
CWE-203
|
CWE-203
|
High
|
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)
|
CVE-2015-5471
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Theme Editor Arbitrary File Download (2.5)
|
CVE-2021-24154
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)
|
CVE-2021-24585
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin TRADIES Information Disclosure (2.2.6)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin UnGallery Local File Disclosure (1.5.8)
|
CWE-22
|
CWE-22
|
High
|
WordPress Plugin Unyson Information Disclosure (2.7.18)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Information Disclosure (3.9.0)
|
CVE-2023-0814
CWE-200
|
CWE-200
|
High
|
WordPress Plugin User Profile Picture Information Disclosure (2.4.0)
|
CVE-2021-24170
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)
|
CVE-2022-0384
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)
|
CVE-2012-1786
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)
|
CVE-2012-6651
CWE-22
|
CWE-22
|
High
|
WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3)
|
CVE-2019-6715
CWE-538
|
CWE-538
|
High
|
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)
|
CVE-2019-15330
CWE-538
|
CWE-538
|
High
|
WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)
|
CVE-2022-4298
CWE-552
|
CWE-552
|
High
|
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)
|
CVE-2022-4106
CWE-552
|
CWE-552
|
High
|
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
|
CVE-2022-4108
CWE-552
|
CWE-552
|
High
|
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)
|
CWE-538
|
CWE-538
|
High
|
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin WooCommerce Information Disclosure (4.5.2)
|
CVE-2020-29156
CWE-200
|
CWE-200
|
High
|
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)
|
CWE-200
|
CWE-200
|
High
|
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)
|
CVE-2014-5337
CWE-264
|
CWE-264
|
High
|
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)
|
CVE-2015-9269
CWE-200
|
CWE-200
|
High
|
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)
|
CVE-2015-4703
CWE-538
|
CWE-538
|
High
|
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)
|