| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Access-Control-Allow-Origin header with wildcard (*) value | | CWE-284 | Informational |
| Content Security Policy (CSP) Not Implemented | | CWE-16 | Informational |
| GraphiQL Explorer/Playground Enabled | | CWE-200 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | | CWE-770 | Medium |
| GraphQL Field Suggestions Enabled | | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Unhandled Error Leakage | | CWE-209 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | | CWE-16 | Medium |
| Insecure Referrer Policy | | CWE-16 | Informational |
| JWT Signature Bypass via kid Path Traversal | | CWE-287 | High |
| JWT Signature Bypass via kid SQL injection | | CWE-287 | High |
| JWT Signature Bypass via unvalidated jku parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated jwk parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5c parameter | | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5u parameter | | CWE-287 | High |
| Microservice Directory Traversal | | CWE-22 | High |
| Missing Content-Type Header | | CWE-16 | Low |
| No SAML Response signature check | | CWE-16 | High |
| Permissions-Policy header not implemented | | CWE-1021 | Informational |
| SAML Consumer Service XSS vulnerability | | CWE-80 | High |
| SAML Response without signature | | CWE-16 | High |
| SAML Response signature exclusion | | CWE-16 | High |
| Sensitive Data Exposure | | CWE-200 | Medium |
| Sensitive pages could be cached | | CWE-200 | Low |
| Spring Boot Actuator | | CWE-489 | Medium |
| Spring Boot Actuator v2 | | CWE-489 | Medium |
| SSL/TLS Not Implemented | | CWE-319 | Medium |
| Struts 2 development mode | | CWE-489 | High |
| Unvalidated JWT jku parameter | | CWE-287 | High |
| Weak password | | CWE-200 | High |
| Web application default/weak credentials | | CWE-200 | High |
| X-Forwarded-For HTTP header security bypass | | CWE-287 | High |