| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Cookie signed with weak secret key | | CWE-693 | Medium |
| Express cookie-session weak secret key | | CWE-693 | Medium |
| Flask weak secret key | | CWE-693 | Medium |
| JWT Signature Bypass via kid Path Traversal | | CWE-287 | High |
| JWT Signature Bypass via kid SQL injection | | CWE-287 | High |
| JWT Signature Bypass via None Algorithm | | CWE-345 | High |
| JWT Signature Bypass via unvalidated jku parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated jwk parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5c parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5u parameter | | CWE-287 | High |
| JWT Signature is not Verified | | CWE-287 | High |
| Mojolicious weak secret key | | CWE-693 | Medium |
| No SAML Response signature check | | CWE-16 | High |
| Play framework weak secret key | | CWE-693 | Medium |
| Pyramid framework weak secret key | | CWE-693 | Medium |
| Retired hash function in SAML Response | | CWE-16 | Informational |
| Ruby framework weak secret key | | CWE-693 | High |
| SAML Response without signature | | CWE-16 | High |
| SAML Response signature exclusion | | CWE-16 | High |
| Tornado weak secret key | | CWE-693 | Medium |
| Unvalidated JWT jku parameter | | CWE-287 | High |
| Weak Secret is Used to Sign JWT | | CWE-345 | High |
| Web2py weak secret key | | CWE-693 | Medium |
| Yii2 weak secret key | | CWE-693 | Medium |