Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Amazon S3 public bucket CWE-264 CWE-264 Medium Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789 CWE-119 CWE-119 Medium Apache Axis2 information disclosure CWE-200 CWE-200 Medium Apache balancer-manager application publicly accessible CWE-200 CWE-200 Medium Apache httpOnly cookie disclosure CVE-2012-0053 CWE-264 CWE-264 Medium Apache perl-status enabled CWE-200 CWE-200 Medium Apache Server-Info Detected CWE-200 CWE-200 Medium Apache Server-Status Detected CWE-200 CWE-200 Medium Apache Tomcat examples directory vulnerabilities CWE-264 CWE-264 Medium Apache Tomcat sample files CWE-538 CWE-538 Medium Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 CWE-79 CWE-79 Medium Apache Tomcat version older than 5.5.26 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CWE-264 CWE-264 Medium Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355 CWE-79 CWE-79 Medium apc.php page found CWE-538 CWE-538 Medium Arbitrary file existence disclosure in Action Pack CVE-2014-7829 CWE-200 CWE-200 Medium ASP.NET application-level tracing enabled CWE-215 CWE-215 Medium ASP.NET Core Development Mode enabled CWE-200 CWE-200 Medium ASP.NET CustomErrors Is Disabled CWE-12 CWE-12 Medium ASP.NET diagnostic page CWE-200 CWE-200 Medium ASP.NET error message CWE-12 CWE-12 Medium ASP.NET viewstate encryption disabled CWE-16 CWE-16 Medium ASP.NET WCF service include exception details CWE-16 CWE-16 Medium Atlassian Confluence Access Restriction Bypass CVE-2017-9505 Medium Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283 Medium Bitrix server test script publicly accessible CWE-200 CWE-200 Medium Chrome Logger information disclosure CWE-200 CWE-200 Medium Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) CVE-2020-8193 CWE-284 CWE-284 Medium Clockwork PHP dev tool enabled CWE-200 CWE-200 Medium CodeIgniter development mode enabled CWE-16 CWE-16 Medium ColdFusion Request Debugging information disclosure CWE-200 CWE-200 Medium ColdFusion Robust Exception enabled CWE-200 CWE-200 Medium Core dump checker PHP script CWE-200 CWE-200 Medium Credit card number disclosed CWE-200 CWE-200 Medium CVS Detected CWE-527 CWE-527 Medium Development configuration files CWE-538 CWE-538 Medium Directory listings CWE-538 CWE-538 Medium Django Debug Mode Enabled CWE-200 CWE-200 Medium Django Debug Toolbar CWE-200 CWE-200 Medium Drupal Views module information disclosure vulnerability CWE-200 CWE-200 Medium Express running in development mode CWE-200 CWE-200 Medium Frontpage authors.pwd available CWE-538 CWE-538 Medium Full public read access Azure blob storage CWE-264 CWE-264 Medium GIT Detected CWE-527 CWE-527 Medium Global.asa backup file found CWE-538 CWE-538 Medium Golang runtime profiling data CWE-200 CWE-200 Medium Go web application binary disclosure CWE-540 CWE-540 Medium Grails database console CWE-200 CWE-200 Medium GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium GraphQL Introspection Query Enabled CWE-200 CWE-200 Medium GraphQL Unhandled Error Leakage CWE-209 CWE-209 Medium InfluxDB Unauthorized Access Vulnerability CWE-200 CWE-200 Medium Insecure transition from HTTP to HTTPS in form post CWE-200 CWE-200 Medium JBoss status servlet information leak CVE-2010-1429 CWE-200 CWE-200 Medium Jenkins dashboard CWE-200 CWE-200 Medium JetBrains .idea project directory CWE-538 CWE-538 Medium Jetty ConcatServlet Information Disclosure (CVE-2021-28169) CVE-2021-28169 CWE-200 CWE-200 Medium Jetty Information Disclosure (CVE-2021-34429) CVE-2021-34429 CWE-200 CWE-200 Medium Jira Unauthorized User Enumeration (CVE-2020-14181) CVE-2020-14181 CWE-200 CWE-200 Medium Joomla! Core improper access check in webservice endpoints CVE-2023-23752 CWE-200 CWE-200 Medium Joomla Debug Console enabled CWE-200 CWE-200 Medium Joomla J!Dump extension enabled CWE-200 CWE-200 Medium JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040 CWE-538 CWE-538 Medium Laravel log file publicly accessible CWE-538 CWE-538 Medium Laravel LogViewer open CWE-200 CWE-200 Medium Laravel Telescope open CWE-200 CWE-200 Medium Magento Config File Disclosure CWE-200 CWE-200 Medium Microsoft Access Database File Detected CWE-538 CWE-538 Medium MongoDB HTTP status interface CWE-200 CWE-200 Medium nginx range filter integer overflow CVE-2017-7529 CWE-200 CWE-200 Medium Node.js Running in Development Mode CWE-215 CWE-215 Medium NodeBB Arbitrary JSON File Read (CVE-2021-43788) CVE-2021-43788 CWE-22 CWE-22 Medium npm log file publicly accessible (npm-debug.log) CWE-200 CWE-200 Medium Oracle applications logs publicy available CWE-200 CWE-200 Medium Oracle E-Business Suite iStore open user registration CWE-200 CWE-200 Medium Password found in server response CWE-312 CWE-312 Medium Payara Micro File Read (CVE-2021-41381) CVE-2021-41381 CWE-22 CWE-22 Medium PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) CWE-200 CWE-200 Medium PHP-FPM Status Page CWE-200 CWE-200 Medium PHP Console addon enabled CWE-200 CWE-200 Medium PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 CWE-352 Medium PHP Debug Bar enabled CWE-200 CWE-200 Medium Phpfastcache phpinfo publicly accessible (CVE-2021-37704) CVE-2021-37704 CWE-200 CWE-200 Medium phpinfo() Output Detected CWE-200 CWE-200 Medium PHPinfo pages CWE-200 CWE-200 Medium PHP opcache-gui publicly accessible CWE-200 CWE-200 Medium PHP opcache-status page publicly accessible CWE-200 CWE-200 Medium PHP upload arbitrary file disclosure vulnerability CVE-2000-0860 CWE-538 CWE-538 Medium PHP X Prober publicly accessible CWE-200 CWE-200 Medium Pyramid DebugToolbar enabled CWE-200 CWE-200 Medium rack-mini-profiler environment variables disclosure CWE-287 CWE-287 Medium Rails controller possible sensitive information disclosure CWE-200 CWE-200 Medium Ruby on Rails Running in Development Mode CWE-200 CWE-200 Medium SAP ICF /sap/public/info sensitive information disclosure CWE-200 CWE-200 Medium SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure CWE-200 CWE-200 Medium SAP NetWeaver server info information disclosure BCB CWE-200 CWE-200 Medium Sensitive Data Exposure CWE-200 CWE-200 Medium Server-based source code disclosures CWE-538 CWE-538 Medium SharePoint exposed web services CWE-200 CWE-200 Medium Social Security Number Disclosure CWE-200 CWE-200 Medium Source code disclosures CWE-538 CWE-538 Medium Spring Boot Actuator CWE-489 CWE-489 Medium Spring Boot Actuator v2 CWE-489 CWE-489 Medium SQLite Database File Found CWE-538 CWE-538 Medium Stack Trace Disclosure (ColdFusion) CWE-209 CWE-209 Medium Stack Trace Disclosure (Java) CWE-209 CWE-209 Medium Stack Trace Disclosure (Laravel) CWE-209 CWE-209 Medium Stack Trace Disclosure (Python) CWE-209 CWE-209 Medium Stack Trace Disclosure (RoR) CWE-209 CWE-209 Medium Struts 2 Config Browser plugin enabled CWE-16 CWE-16 Medium Symfony debug mode enabled (AcuSensor) CWE-16 CWE-16 Medium Symfony Profiler open CWE-200 CWE-200 Medium Symfony running in dev mode CWE-16 CWE-16 Medium Symfony web debug toolbar CWE-489 CWE-489 Medium Test CGI script leaking environment variables Medium Tornado debug mode CWE-489 CWE-489 Medium Tracy debugging tool enabled CWE-200 CWE-200 Medium Unencrypted __VIEWSTATE parameter CWE-200 CWE-200 Medium Unprotected JSON file leaking secrets CWE-200 CWE-200 Medium Unrestricted access to NGINX+ API interface (read only) CWE-200 CWE-200 Medium Unrestricted access to NGINX+ Dashboard CWE-200 CWE-200 Medium Unrestricted access to NGINX+ Upstream HTTP interface CWE-200 CWE-200 Medium Virtual host directory listing CWE-538 CWE-538 Medium W3 total cache debug mode CWE-489 CWE-489 Medium Webalizer script CWE-538 CWE-538 Medium WebDAV directory listing CWE-538 CWE-538 Medium WebPageTest Unauthorized Access Vulnerability CWE-200 CWE-200 Medium WordPress database credentials disclosure CWE-538 CWE-538 Medium WordPress pingback scanner CVE-2013-0235 CWE-918 CWE-918 Medium WordPress username enumeration CWE-200 CWE-200 Medium Yii2 debug toolkit CWE-200 CWE-200 Medium Yii debug mode enabled CWE-16 CWE-16 Medium Zabbix Guest Access CWE-200 CWE-200 Medium [Possible] AWStats Detected CWE-538 CWE-538 Medium [Possible] Backup Folder CWE-538 CWE-538 Medium [Possible] Database Connection String Detected CWE-200 CWE-200 Medium [Possible] Password Transmitted over Query String CWE-200 CWE-200 Medium
