Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Apache 2.x version equal to 2.0.51 CVE-2004-0811 CWE-264 CWE-264 Medium Apache ActiveMQ default administrative credentials High Apache Airflow Exposed configuration CWE-200 CWE-200 Medium Apache Airflow Unauthorized Access Vulnerability CWE-200 CWE-200 High Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) CVE-2020-13945 CWE-259 CWE-259 Medium Apache balancer-manager application publicly accessible CWE-200 CWE-200 Medium Apache Geronimo default administrative credentials CWE-693 CWE-693 High Apache Tomcat insecure default administrative password CWE-284 CWE-284 High ColdFusion administrator login page publicly available CWE-200 CWE-200 Low Database User Has Admin Privileges CWE-267 CWE-267 High Ektron CMS Account Hijack CWE-264 CWE-264 High Fortinet Authentication bypass on administrative interface CVE-2022-40684 CWE-288 CWE-288 High Jupyter Notebook publicly accessible CWE-78 CWE-78 High Kentico CMS RCE CVE-2017-17736 CWE-425 CWE-425 High OSGi Management Console Default Credentials CWE-521 CWE-521 High RethinkDB administrative interface publicly exposed CWE-200 CWE-200 High SAP NetWeaver RECON CVE-2020-6287 CWE-287 CWE-287 High Typo3 Admin publicly accessible CWE-200 CWE-200 Informational Typo3 Install Tool publicly accessible CWE-200 CWE-200 Medium Unauthorized Access to a web app installer CWE-200 CWE-200 Medium Unprotected Apache NiFi API interface CWE-287 CWE-287 Medium Unprotected Kong Gateway Admin API interface CWE-287 CWE-287 Medium Unprotected phpMyAdmin interface CWE-205 CWE-205 High Unrestricted access to Odoo DB manager CWE-200 CWE-200 High VirtueMart access control bypass CWE-287 CWE-287 High WordPress admin accessible without HTTP authentication CWE-16 CWE-16 Low
