Vulnerability Name
.env File Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
Vulnerability Name
.htaccess File Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-186 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
Vulnerability Name
/WEB-INF Source Code Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-541 Subpart C, HIPAA-164.312 ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-15
Vulnerability Name
403 Forbidden Bypass
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-115 CWE-285 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L WSTG-ATHN-04
Vulnerability Name
74cms Sql Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Vulnerability Name
ACME mini_httpd arbitrary file read
Classification
CVE-2018-18778 OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33
Vulnerability Name
AEM QueryBuilder Internal Path Read
Classification
Vulnerability Name
ASP Code Injection
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-12 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
ASP.NET ViewState Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
Vulnerability Name
ASP.NET ViewState Integrity Check
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
Vulnerability Name
Administration page exposure
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API7 PCI v3.2-6.5.8 OWASP PC-C7 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34 WSTG-CONF-05
Vulnerability Name
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2010-2861 CWE-22
Vulnerability Name
Adobe Cross-Domain Read Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Vulnerability Name
Adobe Cross-Domain Send Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Vulnerability Name
Advanced SQL Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Vulnerability Name
Aem Groovy console enabled
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API7 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Agilecrm Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Alerta Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-287 WSTG-SESS-08
Vulnerability Name
AnchorCMS Error Log Exposure
Classification
CWE-200 CVE-2018-7251 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
Anima Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Ansible Configuration Exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Vulnerability Name
Apache .htaccess LIMIT misconfiguration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-13 WSTG-CONF-02
Vulnerability Name
Apache ActiveMQ XSS
Classification
CWE-79 CVE-2018-8006 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Apache Airflow Configuration Exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Vulnerability Name
Apache Arbitrary File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-17 WASC-42 CVE-2017-15715 CWE-20
Vulnerability Name
Apache Commons Text Vulnerability (Text4shell)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Apache CouchDB Remote Privilege Escalation
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2017-12635 CWE-269
Vulnerability Name
Apache Druid RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
Vulnerability Name
Apache Flink Unauth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-CONF-05
Vulnerability Name
Apache Flink Upload Path Traversal
Classification
CAPEC-252 CWE-22 ISO27001-A.14.2.5 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Apache Kylin Unauth
Classification
CWE-922 CVE-2020-13937 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Apache OFBiz RMI deserializes Arbitrary Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache OFBiz Reflected XSS
Classification
CWE-79 CVE-2020-1943 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Apache OFBiz XML-RPC Java Deserialization
Classification
CWE-79,CWE-502 CVE-2020-9496 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Apache Range Header Denial of Service
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.6 OWASP PC-C10 CAPEC-137 CWE-400 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Name
Apache S2-032 Struts RCE
Classification
CVE-2016-3081 CWE-77
Vulnerability Name
Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache Solr gater than 8.8.1 Arbitrary File Read
Classification
Vulnerability Name
Apache Solr less than or equal 8.8.1 SSRF
Classification
CWE-918 CVE-2021-27905 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08
Vulnerability Name
Apache Struts 2 S2 –008 RCE1
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-264 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Apache Struts RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache Struts2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
Vulnerability Name
Apache Struts2 S2-001 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:2/AV:N/AC:L/Au:N/C:P/I:N/A:N WSTG-INPV-08
Vulnerability Name
Apache Struts2 S2-012 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:M/Au:N/C:C/I:C/A:C WSTG-INPV-08
Vulnerability Name
Apache Struts2 S2-052 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache Struts2 S2-053 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache Struts2 S2-057 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-917 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Apache Tomcat JK Status Manager Access
Classification
CWE-22 CVE-2018-11759 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Apache Tomcat Open Redirect
Classification
CWE-601 CVE-2018-11784 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Name
Apache Tomcat Remote Code Execution (RCE)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
Vulnerability Name
Apache mod_perl Status Page Exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C CAPEC-347 ISO27001-A.18.1.3 WASC-14
Vulnerability Name
Apache mod_proxy HTML Injection / Partial XSS
Classification
CWE-79 CVE-2019-10092 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Apache tika 1.15-1.17 header command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-11
Vulnerability Name
AppServ Open Project 2.5.10 and earlier XSS
Classification
CWE-79 CVE-2008-2398
Vulnerability Name
Application error disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API7 OWASP PC-C10 CWE-200 WSTG-ERRH-01
Vulnerability Name
Artica Web Proxy 4.30 Authentication Bypass
Classification
CVE-2020-17506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-89 OWASP 2013-A2 OWASP 2017-A2
Vulnerability Name
Artifactory Access-Admin Login Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7
Vulnerability Name
Aryanic HighMail (High CMS) XSS
Classification
CWE-79 CVE-2020-23517 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Atlassian Confluence Status-List XSS
Classification
CVE-2018-5230
Vulnerability Name
Atlassian Confluence configuration files read
Classification
CWE-200 CVE-2015-8399 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N WSTG-INPV-08
Vulnerability Name
Atlassian Jira WallboardServlet XSS
Classification
CWE-79 CVE-2018-20824 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Atlassian Jira template injection vulnerabilities
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-CLNT-03
Vulnerability Name
Authentication Bypass and Stored Cross Site Scripting
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 PCI v3.2-6.5.7 OWASP PC-C4 CWE-79 WASC-08 WSTG-INPV-02
Vulnerability Name
Auto complete not disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-15
Vulnerability Name
Backup File Exposure
Classification
OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-2.3 OWASP PC-C7 CAPEC-186 CWE-530 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
Vulnerability Name
Base64 Encoded Data Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.16 OWASP PC-C8 CAPEC-170 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
Base64 Encoded Data Leak in WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-319 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
Bash command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WSTG-INPV-12 WASC-31
Vulnerability Name
Bigcartel Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Blind OS Command Injection Using Timing Attacks
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.306(a) & HIPAA-64.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Blind Server-Side Template Injection
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-74 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
Vulnerability Name
Boolean based blind SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Browser exploit against SSL/TLS (BEAST attack)
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Vulnerability Name
Brute force in IIS
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-151 CWE-151 WASC-12
Vulnerability Name
Buffer Overflow Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-100 CWE-120 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Vulnerability Name
Buffer overflow vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 CAPEC-100 CWE-120 WASC-7 WSTG-INPV-13
Vulnerability Name
Bullwark Momentum Series JAWS 1.0 - Directory Traversal
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WSTG-ATHZ-01 WASC-13
Vulnerability Name
Bypassing Authentication on NETGEAR Routers
Classification
CWE-200 CVE-2017-5521 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
CMSimple 3.1 - Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2008-2650
Vulnerability Name
CRLF Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CWE-113 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001 A.14.2.5 WASC-24 {"CVSS:3.0"=>"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H"} WSTG-INPV-15
Vulnerability Name
CRLF Injection - Sercomm VD625
Classification
CVE-2021-27132 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
CRLF injection vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-113 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-25 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-05
Vulnerability Name
CSRF Token Missing
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.6 OWASP PC-C5 CAPEC-62 CWE-352 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-SESS-05
Vulnerability Name
CVE-2017-7615
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08 CVE-2017-7615 CWE-640
Vulnerability Name
CVE-2017-9841
Classification
CVE-2017-9841 CWE-94
Vulnerability Name
Cacheable and Storable Content
Classification
OWASP_2013_A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.6 OWASP PC-C8 CAPEC-186 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Vulnerability Name
Cached Data Retrieved
Classification
OWASP_2013_A6 OWASP 2017-A3 OWASP 2021-A2 PCI v4.0-3.7 OWASP PC-C8 CAPEC-170 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.4 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Vulnerability Name
Campaignmonitor Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Captcha image detected
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-804 WSTG-ATHN-03
Vulnerability Name
Cargo Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Character Set Mismatch
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-105 CWE-436 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-09
Vulnerability Name
Charset Manipulation Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L WSTG-INFO-01
Vulnerability Name
ChromeLogger Data Leak
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.15 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
Cisco ASA path traversal vulnerability
Classification
CWE-22 CVE-2018-0296 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Name
Cisco IOS 12.2(55)SE11 Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Citrix ADC Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 CVE-2019-19781
Vulnerability Name
Clickjacking attack
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-103 CWE-1021 WASC-15 WSTG-CLNT-09
Vulnerability Name
Clockwork PHP Page Exposure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Vulnerability Name
Cloud Metadata Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Vulnerability Name
Cobub Razor 0.8.0 Physical path Leakage Vulnerability
Classification
CWE-200 CVE-2018-8770 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/check
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N WSTG-INPV-11
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Code Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C3 CAPEC-242 CWE-94 WASC-31 WSTG-INPV-11
Vulnerability Name
Common Administration Interfaces
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C7 CAPEC-1 WASC-15
Vulnerability Name
Common Backdoors
Classification
OWASP 2013-A5 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-507 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Name
Common gateway interface vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-14
Vulnerability Name
Comodo Unified Threat Management Web Console 2.7.0 - RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
Vulnerability Name
Content Security Policy (CSP) header cannot be parsed successfully
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Security Policy (CSP) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Security Policy (CSP) implemented with insecure scheme
Classification
CONTENT SECURITY POLICY OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Security Policy (CSP) implemented with the insecure scheme in passive content only
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Security Policy (CSP) implemented with unsafe-eval
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Security Policy implemented with unsafe inline
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-79 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Vulnerability Name
Content Type Header Missing
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15
Vulnerability Name
Cookie Poisoning
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-565 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N WSTG-INFO-05
Vulnerability Name
Cookie session without 'HttpOnly' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-104 WASC-14 WSTG-SESS-02
Vulnerability Name
Cookie set without 'Secure' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-102 CWE-614 ISO27001-A.14.1.2 WASC-15 WSTG-SESS-02
Vulnerability Name
Cookie without 'Secure' flag but protect by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-614 WASC-15 WSTG-CONF-07
Vulnerability Name
Coremail Config Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Vulnerability Name
Create an Administrative User in SAP NetWeaver AS JAVA
Classification
CVE-2020-6287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-287 OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4
Vulnerability Name
Credit card number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.3 OWASP PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13 WSTG-ATHN-06
Vulnerability Name
Cross Domain JavaScript Source File Inclusion
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-829 WASC-13
Vulnerability Name
Cross Origin Resource Sharing Implemented With Restricted Access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Vulnerability Name
Cross Origin Resource Sharing Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Vulnerability Name
Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
Vulnerability Name
Cross Site Scripting (Persistent)
Classification
OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C5 CAPEC-63 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N WSTG-INPV-02
Vulnerability Name
Cross Site Scripting in Oracle Secure Global Desktop Administration Console
Classification
OWASP 2013-A3 OWASP 2013-A7 PCI v3.2- OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01
Vulnerability Name
Cross origin Resource Sharing Implemented With Public Access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Vulnerability Name
Cross-Domain Security Misconfiguration
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-03
Vulnerability Name
Cross-Origin Resource Sharing XML cannot be parsed
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-94 WASC-14 WSTG-CLNT-07
Vulnerability Name
Cross-Origin Resource Sharing implemented with universal access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-14 WSTG-CLNT-07
Vulnerability Name
Cross-Origin-Opener-Policy Misconfiguration
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-222 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-14 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L WSTG-INFO-09
Vulnerability Name
Cross-site request forgery attack
Classification
OWASP 2013-A8 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.9 CAPEC-62 CWE-352 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-09 WSTG-SESS-05
Vulnerability Name
Cross-site tracing (XST) vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-107 CWE-200 WASC-14 WSTG-CONF-06
Vulnerability Name
D-Link arbitrary file upload
Classification
OWASP 2013-A6 OWASP 2017-A6 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
Vulnerability Name
DLINK DSL 2888a RCE
Classification
CWE-287 CVE-2020-24579 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
DOM-Based XSS Vulnerability
Classification
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-114 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CLNT-01
Vulnerability Name
Database can be read without authentication
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C3 CWE-306 WASC-01
Vulnerability Name
DedeCMS 5.7 path disclosure
Classification
CWE-200 CVE-2018-6910 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Default Credentials of WMT Server
Classification
CVE-2020-35338 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-798 OWASP 2013-A2 OWASP 2017-A2
Vulnerability Name
Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
Classification
CWE ID-74 OWASP 2013-A1 OWASP 2017-A1 CVE-2016-5685 CVSS Score 9.0
Vulnerability Name
Deltek Maconomy 2.2.5 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11 CVE-2019-12314
Vulnerability Name
Deprecated ASP.NET Version
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-2.2.1 OWASP PC-C10 CAPEC-310 CWE-642 Subpart C, HIPAA-164.312(a)(2) ISO27001-A.12.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-06
Vulnerability Name
Detect Springboot Env Actuator
Classification
Vulnerability Name
Directory Indexing
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-6.5.1 OWASP PC-C4 CAPEC-104 CWE-538 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.11.2.1 WASC-7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Vulnerability Name
Directory traversal attacks
Classification
CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Directory traversal in Cisco ASA & Cisco Firepower
Classification
CWE-20 CVE-2020-3452 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
Classification
CVE-2017-12637 CWE-22
Vulnerability Name
Django Debug Method Enabled
Classification
Vulnerability Name
Dl PHP cgi.force_redirect disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-305 WASC-13 WSTG-INPV-08
Vulnerability Name
Dockerrun AWS configuration exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Vulnerability Name
Document Object Model Based Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
Vulnerability Name
Document Object Model Cross Site Scripting on WordPress
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
Vulnerability Name
Does not redirect to a HTTPS site from HTTP port
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-818 WSTG-CLNT-04
Vulnerability Name
DrayTek pre-auth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Druid Monitor Unauthorized Access
Classification
Vulnerability Name
Drupal 8 core RESTful Web Services RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Drupal Drupalgeddon 2 RCE
Classification
CVE-2018-7600 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
DuomiCMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 WASC-19 WSTG-INPV-05 CVE-2018-18084 CWE-89
Vulnerability Name
EEA Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Vulnerability Name
EL Injection (Expression Language Injection)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-102 CWE-917 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
ELMAH Log Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-94 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
Vulnerability Name
EMerge E3 1.00-06 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-798 WSTG-INPV-08
Vulnerability Name
EYou E-Mail system RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Eclipse Jetty Remote Leakage
Classification
CWE-200 CVE-2015-2080 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
ElasticSearch 1.4.0/1.4.2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE 284 WSTG-INPV-08
Vulnerability Name
ElasticSearch v1.1.1/1.2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N WSTG-INPV-08
Vulnerability Name
Elasticsearch Head plugin LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Vulnerability Name
Email Addresses in ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
Vulnerability Name
Email Disclosure via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
Email address disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 OWASP PC-C7 CAPEC-118 CWE-200 ISO27001-A.9.4.1 WASC-13 WSTG-IDNT-04
Vulnerability Name
Emby server SSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.1 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Vulnerability Name
Error based SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Etouch v2 SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Vulnerability Name
Eval injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-95 WASC-20 WSTG-INPV-12
Vulnerability Name
Excessive Redirects Causing Sensitive Data Leakage
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
Exchange Server SSRF Vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 ISO27001-A.14.2.5 CVSS:3.0 9.1 / 8.4 WSTG-INPV-19
Vulnerability Name
Exposed SVN directory
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-527 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CAPEC-118 ISO 27001-A.9.4.1 WASC-13
Vulnerability Name
Exposed pprof
Classification
CVE-2019-11248 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Vulnerability Name
External redirection
Classification
OWASP 2013-A10 OWASP 2017-A1 OWASP 2021-A3 CWE-601 WASC-38 WSTG-CLNT-04
Vulnerability Name
F5 BIG-IP iControl REST unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Feifeicms Local File Read
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Vulnerability Name
File Content Disclosure on Rails
Classification
CVE-2019-5418 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
File handling vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C10 CAPEC-165 CWE-1219 WSTG-CONF-03
Vulnerability Name
Fingerprinting Web Application Framework using HTTP headers
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-170 CWE-16
Vulnerability Name
Fingerprinting Web Server
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C7 CAPEC-224 CWE-200 ISO27001-A.18.1.3 WASC-45 WSTG-INFO-02
Vulnerability Name
Format String Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-97 CWE-134 Subpart C, HIPAA-164.312(d) ISO27001-A.13.8.5 WASC-6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
Vulnerability Name
FortiLogger Unauthenticated Arbitrary File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-434 WSTG-CONF-03
Vulnerability Name
FortiWeb Unauthenticated XSSFortiWeb Unauthenticated XSS
Classification
CVE-2021-22122 CWE-79
Vulnerability Name
Fortinet FortiOS Cross-Site Scripting
Classification
CWE-79 CVE-2018-13380 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
FuelCMS 1.4.1 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Full Path Disclosure
Classification
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ERRH-01
Vulnerability Name
Full path disclosure (FPD) vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 CAPEC-126 WASC-13 WSTG-INFO-09
Vulnerability Name
Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
Classification
CWE-610 CVE-2020-5412 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Geddy before v13.0.8 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2015-5688 CWE-22
Vulnerability Name
Getresponse Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Ghostcat Vulnerability (CVE-2020–1938)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-13
Vulnerability Name
Git Repository Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-04
Vulnerability Name
GlassFish LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028 CWE-22
Vulnerability Name
Grafana unauthenticated API
Classification
CVE-2019-15043 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-306
Vulnerability Name
Guessable credentials found
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C8 CAPEC-560 CWE-287 WASC-18 WSTG-ATHN-02
Vulnerability Name
HA Proxy Statistics
Classification
CWE-16
Vulnerability Name
HTML Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-242 CWE-80 WASC-08 WSTG-CLNT-03
Vulnerability Name
HTTP Method Vulnerability Found
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2017-A6 OWASP 2019-API7 CWE-650 WASC-14 WSTG-CONF-06
Vulnerability Name
HTTP Only Website
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C2 CAPEC-315 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-V42-SESS-02
Vulnerability Name
HTTP Parameter Manipulation
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.8 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-ATHZ-04
Vulnerability Name
HTTP Public Key Pinning (HPKP) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Vulnerability Name
HTTP Response Splitting Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-34 CWE-113 WASC-25 WSTG-INPV-15
Vulnerability Name
HTTP Strict Transport Security (HSTS) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Vulnerability Name
HTTP Strict Transport Security (HSTS) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-217 CWE-523 ISO27001-A.14.1.2 WASC-04 WSTG-CONF-07
Vulnerability Name
HTTP Strict Transport Security (HSTS) header on the invalid certificate chain
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Vulnerability Name
HTTP Strict Transport Security (HSTS) header set to less than six months
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Vulnerability Name
HTTP Strict Transport Security header not available over HTTPS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C10 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Vulnerability Name
HTTPS Content Accessible via HTTP
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C8 CAPEC-170 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Vulnerability Name
Harbor Enables Privilege Escalation From Zero to admin
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N WSTG-ATHZ-03
Vulnerability Name
Hatenablog takeover detection
Classification
WSTG-CONF-10
Vulnerability Name
Heartbleed Vulnerability
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
Heartbleed vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.2 OWASP PC-C1 CAPEC-216 CWE-119 ISO27001-A.14.2.5 WASC-04 WSTG-CRYP-01
Vulnerability Name
Helpscout Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Hidden File Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-538 Subpart C,HIPAA-164.312(a)(2)(iv) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-CONF-05
Vulnerability Name
Hikvision Authentication Bypass
Classification
CVE-2017-7921
Vulnerability Name
Horde Groupware Unauthenticated
Classification
CVSS score 7.5 CWE 284 OWASP 2013-A1 OWASP 2017-A1 CVE-2015-1427
Vulnerability Name
Htaccess Bypass
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-250 WASC-14 WSTG-CONF-02
Vulnerability Name
Httpoxy - Unsafe Proxy Header Usage
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.9 OWASP PC-C5 CAPEC-111 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-V4.2-INFO-07
Vulnerability Name
IBM DB Boolean based blind sql injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Vulnerability Name
ILO4 Authentication bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-SESS-08
Vulnerability Name
IP Addresses in ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
Vulnerability Name
IceWarp Less Than 10.4.4 - Local File Inclusion
Classification
CVE-2019-8982 CWE-918
Vulnerability Name
IceWarp WebMail Reflected XSS
Classification
CVE-2020-27982 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
IceWarp WebMail XSS
Classification
CWE-79 CVE-2020-8512 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Image Privacy Data Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.8 OWASP PC-C8 CAPEC-169 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
Vulnerability Name
Improper Access Control
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-115 CWE-287 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
Vulnerability Name
Improper Cache-Control Configuration
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-525 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Vulnerability Name
Information Leak in Page Banner
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.9 OWASP PC-C9 CAPEC-26 CWE-200 ISO27001-A.14.2.5 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-INFO-02
Vulnerability Name
Information leakage in EXIF data of images
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-200 ISO27001-A.18.1.3 WASC-13 WSTG-INFO-05
Vulnerability Name
Information leakage of the web application's directory or folder path
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 OWASP PC-C10 CAPEC-118 CWE-22 ISO27001-A.18.1.4 WASC-13 WSTG-INFO-03
Vulnerability Name
Information leakage using meta tag
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CWE-200 WASC-13 WSTG-INFO-05
Vulnerability Name
Inline queries SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Insecure Authentication Method
Classification
OWASP 2017-A2 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-111 CWE-326 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
Vulnerability Name
Insecure File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-17 CWE-434 WASC-42 WSTG-BUSL-09
Vulnerability Name
Insecure FrontPage extension configuration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 HIPAA-164.306(a) WASC-13
Vulnerability Name
Insecure HTTP to HTTPS Form Transition
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Vulnerability Name
Insecure HTTPS to HTTP Form Transition
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Vulnerability Name
Insecure JavaServer Faces ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Vulnerability Name
Insecure RIA cross domain policy
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-15 WSTG-CONF-08
Vulnerability Name
Insecure Redirection
Classification
OWASP 2013-A10 OWASP 2017-A5 OWASP 2021-A1 CWE-601 WASC-38 WSTG-CLNT-04
Vulnerability Name
Insecurely Scoped Cookie
Classification
OWASP 2017-A6 OWASP 2021-A8 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-118 CWE-565 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Name
Integer Overflow Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-128 CWE-190 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Vulnerability Name
Intercom Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Intermediate TLS compatibility
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Vulnerability Name
Invalid certificate chain encountered during redirection
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-297 WSTG-CLNT-04
Vulnerability Name
JIRA Directory Traversal
Classification
CVE-2019-8442 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
JIRA SSRF
Classification
CWE-918 CVE-2019-8451 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Name
JIRA Unauthenticated Sensitive Information Disclosure
Classification
CVE-2019-8449 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
JSON Web Token (JWT) Vulnerability
Classification
OWASP 2017-A2 OWASP 2021-A7 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-234 CWE-347 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
Java Deserialization Vulnerability
Classification
OWASP 2017-A8 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-120 CWE-502 Subpart C, HIPAA-164.312(e)(2)(i) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Vulnerability Name
Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2021-21402
Vulnerability Name
Jenkin Audit Trail Plugin XSS
Classification
CWE-79 CVE-2020-2140 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Jenkins 2.138 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-08
Vulnerability Name
Jenkins Gitlab Hook XSS
Classification
CWE-79 CVE-2020-2096 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Classification
CWE-79 CVE-2010-4240
Vulnerability Name
Jenzabar v9.20-v9.2.2 XSS
Classification
CWE-79 CVE-2021-26723 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Jira - Reflected XSS using searchOwnerUserName parameter.
Classification
CWE-79 CVE-2019-3402 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Jira IconURIServlet SSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Vulnerability Name
Jira Subversion ALM for enterprise XSS
Classification
CWE-79 CVE-2020-9344 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Jnoj Directory Traversal for file reading(LFI)
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CVE-2019-17538 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Vulnerability Name
Jolokia XSS
Classification
CVE-2018-1000129 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Joomla Core SQL Injection
Classification
CVE-2015-7297 CWE-89
Vulnerability Name
Joomla Core vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79
Vulnerability Name
Joomla Debug Mode status
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
Vulnerability Name
Joomla SQL Injection
Classification
CVE-2017-8917 CWE-89
Vulnerability Name
Joomla User Registration Process
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
Vulnerability Name
Joomla admin page
Classification
OWASP 2013-A7 OWASP 2017-A4 OWASP 2021-A1 PCI v3.2-6.5.8 OWASP PC-C6 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34
Vulnerability Name
Joomla common log files
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-532 WASC-20
Vulnerability Name
Kentico CMS Insecure Deserialization RCE
Classification
OWASP 2013-A1 OWASP 2017-A8 OWASP 2021-A8 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502
Vulnerability Name
Kibana Timelion Arbitrary Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Klog Server Unauthenticated Command Injection
Classification
CVE-2020-35729 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-35749 CWE-22 OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-118 ISO27001-A.18.1.4 WASC-13
Vulnerability Name
LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CVE-2021-3129
Vulnerability Name
LDAP Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-255 CWE-90 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-29 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-06
Vulnerability Name
Lack of wildcard DNS entry found
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-155
Vulnerability Name
Lanproxy Directory Traversal
Classification
CWE-22 CVE-2021-3019 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Laravel Debug Enabled
Classification
CWE-16 PCI v3.1-6.5.5 PCI v3.2-6.5.5; CAPEC-214 ISO27001-A.14.1.2 WASC-14 OWASP 2013-A5 OWASP 2017-A6
Vulnerability Name
Laravel Telescope Disclosure
Classification
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Name
Laravel log file publicly accessible
Classification
OWASP 2013-A6 OWASP 2017-A3 CWE-538 OWASP PC-C8 WSTG-CRYP-03
Vulnerability Name
Liferay Portal Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO 27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Lightweight Directory Access Protocol (LDAP) injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-136 CWE-20 WASC-29 WSTG-INPV-06
Vulnerability Name
LinkedIn Oncall 1.4.0 XSS
Classification
CWE-79 CVE-2021-26722 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
LinuxKI Toolset 6.01 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 ISO 27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.8 CAPEC-252 CWE-22 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Vulnerability Name
Log4j Vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C2 WSTG-INPV-08
Vulnerability Name
Log4j Vulnerability (CVE-2021-44228)
Classification
OWAS _2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Log4j Vulnerability (CVE-2021-45046)
Classification
OWASP 2017_A09 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Logjam attack against the TLS protocol
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306 ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
Vulnerability Name
Loose Cookie Security Detection
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-205 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
Vulnerability Name
MD4/MD5 Hash Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-2.3 OWASP PC-C8 CAPEC-310 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
Vulnerability Name
MX injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-183 CWE-77 WASC-30 WSTG-INPV-10
Vulnerability Name
Magento Config Disclosure
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
Vulnerability Name
Magmi – Cross-Site Scripting v.0.7.22
Classification
CWE-79 CVE-2017-7391 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Majordomo2 - SMTP/HTTP Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2011-0049 CWE-22 CAPEC-213
Vulnerability Name
Mara CMS 7.5 - Reflected Cross-Site Scripting
Classification
CWE-79 CVE-2020-24223 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
McAfee ePolicy Orchestrator RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
Vulnerability Name
McAfee ePolicy Orchestrator Reflected XSS
Classification
CWE-79 CVE-2020-7318 CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Memcached Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CWE-502 WASC-07
Vulnerability Name
Meridian Integrated Personal Call Director Password Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CWE-200 WASC-13 WSTG-ATHN-03
Vulnerability Name
MetInfo 6.0.0/6.1.0 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Vulnerability Name
Micro Focus UCMDB RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
MicroStrategy tinyurl - BSSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-918 ISO 27001-A.14.2.5 WASC-20 WSTG-INPV-19
Vulnerability Name
Microsoft RDS Arbitrary Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C5 CWE-78 WASC-31
Vulnerability Name
Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-346 ISO27001-A.14.2.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Microsoft Site Server Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 WASC-14 WSTG-INFO-09
Vulnerability Name
Misconfigured Docker on Default Port
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 WASC-15
Vulnerability Name
Missing Fallback Signaling Cipher Suite Value
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-757 WASC-13
Vulnerability Name
Missing Subresource Integrity (SRI) Attribute
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-109 CWE-345 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-02
Vulnerability Name
Modern Events Calendar Lite less than 5.16.5 - Unauthenticated Events Export
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2021-24146 CWE-284
Vulnerability Name
Modern TLS compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 HIPAA-164.306 WASC-13 WSTG-CRYP-01
Vulnerability Name
Moodle filter_jmol - LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028
Vulnerability Name
Multiple Redirects Detected (Potential Info Leak)
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
MySQL Dump Files
Classification
CWE-530 CWE-89 CWE-200 CVE-2016-5483
Vulnerability Name
NUUO NVRmini 2 3.0.8 Local File Disclosure
Classification
Vulnerability Name
NeDi 1.9C XSS
Classification
CWE-79 CVE-2020-14413 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Neon Dashboard - XSS Reflected
Classification
CWE-79 CVE-2019-20141 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Netrc Config File
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-538 WSTG-CRYP-03
Vulnerability Name
Netsweeper WebAdmin unixlogin.php Python Code Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Next.js .next/ limited path traversal
Classification
CWE-22 CVE-2020-5284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Nextjs v2.4.1 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Vulnerability Name
Nginx off-by-slash exposes Git config
Classification
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Name
Nginx virtual host traffic status module XSS
Classification
CWE-79
Vulnerability Name
NoSQL Injection (MongoDB)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Node.js 8.5.0 gater than equal and less than 8.6.0 Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2017-14849 CWE-22
Vulnerability Name
Node.js Systeminformation Command Injection
Classification
CVE-2021-21315
Vulnerability Name
Non-Cachable Content
Classification
OWASP_2013_A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.4 OWASP PC-C8 CAPEC-168 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Vulnerability Name
Nostromo 1.9.6 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Nuxeo Authentication Bypass Remote Code Execution
Classification
CVE-2018-16341
Vulnerability Name
OA TongDa Path Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CWE-22
Vulnerability Name
OOB XSS Vulnerability
Classification
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C9 CAPEC-174 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INPV-01
Vulnerability Name
Obtain plaintext by observing length differences
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
Vulnerability Name
Odoo 12.0 - Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Vulnerability Name
Old Backup and Unreferenced files
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A5 OWASP 2019-API9 CWE-530 WASC-34
Vulnerability Name
Old TLS backward compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Vulnerability Name
Open Redirect
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.7 OWASP PC-C2 CAPEC-601 CWE-601 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-38 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-CLNT-04
Vulnerability Name
Open Redirect in EpiServer
Classification
CWE-601 CVE-2020-24550 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Open WebSocket
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-352 WASC-13
Vulnerability Name
Open-School 3.0/Community Edition 2.3 - Cross Site Scripting
Classification
CWE-79 CVE-2019-14696 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Open-redirect in Traefik
Classification
CWE-601 CVE-2020-15129 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Openfire Full Read SSRF
Classification
CVE-2019-18394 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Name
Openfire LFI
Classification
CVE-2019-18394 CWE-918
Vulnerability Name
Oracle Business Intelligence Path Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Oracle Content Server XSS
Classification
CWE-79 CVE-2017-10075 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Name
Oracle WebCenter Sites XSS
Classification
CVE-2018-2791 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Name
Oracle WebLogic RCE
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Vulnerability Name
Oracle Weblogic Server Unauthenticated RCE
Classification
CVE-2019-2725 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Origin Spoof Access Restriction Bypass
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-15
Vulnerability Name
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Vulnerability Name
PHP Config contain database IDs and passwords
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13
Vulnerability Name
PHP Source Code Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-540 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
Vulnerability Name
PHP code injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-242 CWE-94 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-20 WSTG-INPV-11
Vulnerability Name
PHP post_max_size show phpinfo()
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-16 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
PHP session.use_trans_sid Session Hijacking
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-593 CWE-16 WASC-15 WSTG-SESS-09
Vulnerability Name
PHP-FPM Vulnerability (CVE-2019-11043) with NGINX
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-787
Vulnerability Name
PII Disclosure via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
Vulnerability Name
PMB 5.6 - 'chemin' Local File Disclosure
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CWE-22
Vulnerability Name
POODLE Attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Vulnerability Name
PUT method enabled
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-650 WASC-14
Vulnerability Name
PacsOne Server XSS
Classification
CWE-79 CVE-2020-29164 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Padding Oracle Attack
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-166 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CRYP-02
Vulnerability Name
Palo Alto Networks Reflected XSS
Classification
CWE-79 CVE-2020-2036 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Name
Parameter Pollution Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-460 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-07
Vulnerability Name
Parameter tampering attack
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API1 OWASP PC-C5 CAPEC-460 CWE-233 WASC-20 WSTG-INPV-04
Vulnerability Name
Password Autocomplete in Browser
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-464 CWE-16 ISO27001-A.14.1.2 WASC-15
Vulnerability Name
Path Traversal Vulnerability
Classification
OWASP_2013_A4 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.3 OWASP PC-C5 CAPEC-166 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Personally Identifiable Information Disclosure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-3.3 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.8.2.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
Vulnerability Name
PhpMyAdmin 4.8.1 Remote File Inclusion
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A8 CWE-502
Vulnerability Name
PhpMyExplorer Directory traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Phpinfo() Memory Limit
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Phpinfo() Open Base Directory Is Disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Phpinfo() PHP Magic Quotes Gpc is On
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Phpinfo() Upload Max Filesize
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Potential Heartbleed Vulnerability
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.12.6.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
Potential Username Enumeration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C6 CAPEC-124 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-IDNT-04
Vulnerability Name
Potential web backdoor
Classification
OWASP 2013-A10 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-912 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 WSTG-INFO-09
Vulnerability Name
Potentially dangerous file
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-17 CWE-434 HIPAA-164.306(a)
Vulnerability Name
Private IP Disclosure
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
Vulnerability Name
Private IP address disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 ISO27001-A.18.1.4 WASC-13 WSTG-CRYP-03
Vulnerability Name
ProFTPd RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2015-3306 CWE-284
Vulnerability Name
Processing of Change Cipher Spec
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
Vulnerability Name
Properties File Exposure in /WEB-INF
Classification
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
Vulnerability Name
Proposify Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Proxy Information Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
Vulnerability Name
Publicly Writable Directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C7 CWE-379 WASC-13
Vulnerability Name
Pulse Connect Secure SSL VPN arbitrary file read vulnerability
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2019-11510 CWE-22
Vulnerability Name
Qi anxin Netkang Next Generation Firewall RCE
Classification
CWE-94 OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Query hashed password via QueryBuilder Servlet
Classification
Vulnerability Name
RCE in MobileIron Core & Connector
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
ROBOT Attack (Breitenbacher RSA)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-203 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C WSTG-CRYP-01
Vulnerability Name
Rack-Mini-Profiler Environment Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-287
Vulnerability Name
Rails Asset Pipeline Directory Traversal Vulnerability
Classification
CVE-2018-3760 CWE-200 OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 WSTG-CRYP-03
Vulnerability Name
Rails Debug Mode Enabled
Classification
OWASP 2013-A5 OWASP 2017-A6- CWE-16 CAPEC-214 PCI v3.1-6.5.5 PCI v3.2-6.5.5 ISO 27001-A.14.1.1 WASC-14
Vulnerability Name
Redirection from HTTP to HTTPS to a different host preventing HSTS
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CLNT-04
Vulnerability Name
Redirects to HTTPS eventually, but initial redirection is to another HTTP URL
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
Vulnerability Name
Redirects, but final destination is not an HTTPS URL
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
Vulnerability Name
Redwood v4.3.4.5-v4.5.3 XSS
Classification
CWE-79 CVE-2021-26710 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Referrer-Policy header unsafely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200
Vulnerability Name
Referrer-policy header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200 ISO27001-A.14.2.5 WASC-20
Vulnerability Name
Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
Vulnerability Name
Reflected File Download vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-375 CWE-840 ISO27001-A.14.2.5 WASC-42
Vulnerability Name
Regular expression Denial of Service vulnerability (ReDoS)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-492 CWE-400 ISO27001-A.14.1.2 WASC-10
Vulnerability Name
Remote Code Execution (CVE-2012-1823)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-120 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
Vulnerability Name
Remote OS Command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Remote access code
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API5 CWE-287 WASC-01
Vulnerability Name
Remote file inclusion
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-193 CWE-98 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-05 WSTG-INPV-11
Vulnerability Name
Renegotiation allowing to insert data into HTTPS sessions
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
Vulnerability Name
Revealing phpinfo()
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Revive Adserver XSS
Classification
CWE-79 CVE-2020-8115 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
RockMongo V1.1.8 XSS
Classification
CWE-79
Vulnerability Name
RocketChat Unauthenticated Email enumeration
Classification
CWE-203 CVE-2020-28208 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
RocketChat Unauthenticated Read Access
Classification
Vulnerability Name
Rosetta flash vunerability
Classification
OWASP 2013-A5 OWASP 2017-A1 OWASP 2021-A3 CWE-352 WASC-15 WSTG-CLNT-08
Vulnerability Name
Rstudio Shiny Server Directory Traversal
Classification
CWE-22 CVE-2021-3374 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Ruijie Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Vulnerability Name
Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
Classification
CWE-22 OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2
Vulnerability Name
Ruijie Smartweb Management System Password Information Disclosure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Vulnerability Name
Rumpus FTP Web File Manager 8.2.9.1 XSS
Classification
CWE-79 CVE-2019-19368 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
SFTP credentials exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N ISO27001-A.18.1.3 WASC-15
Vulnerability Name
SMBGhost Vulnerability (CVE-2020-0796)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-119
Vulnerability Name
SOAP Action Header Spoofing
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-109 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N WSTG-VATHZ-04
Vulnerability Name
SOAP XML Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Vulnerability Name
SQL Injection (Hypersonic SQL)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL Injection (MySQL)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL Injection (Oracle)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL Injection (PostgreSQL)
Classification
OWASP 2017-A1 OWASP 2021--A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL Injection (SQLite)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) SO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SQL injection(SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
SRI HTML not parsable
Classification
OWASP 2013-A5 OWASP 2017 A6 OWASP 2021-A5 WASC-14
Vulnerability Name
SSL compression methods
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 WSTG-CRYP-01
Vulnerability Name
SSL(Secure Sockets Layer) protocol version outdated
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-CRYP-01
Vulnerability Name
SSRF Vulnerability
Classification
OWASP 2017-A5 OWASP 2021-A10 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-152 CWE-918 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-19
Vulnerability Name
SVN Repository Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-05
Vulnerability Name
SaltStack Shell Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC- 31
Vulnerability Name
SaltStack wheel async unauth access
Classification
OWASP 2013-A2 OWASP 2017-A2 CVE-2020-11651 CVSS Score 7.5 CWE ID 20
Vulnerability Name
Samsung Wlan AP (WEA453e)RCE
Classification
CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Sangfor EDR 3.2.17R1/3.2.21 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Sensitive Data in URL
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-312 CWE-200 Subpart C, HIPAA-164.312(a)(2)(i) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N WSTG-INFO-08
Vulnerability Name
Sensitive data exposure via insecure Jira endpoint
Classification
CWE-200 CVE-2020-14179 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Server Certificate Validation Through OCSP Stapling
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-299 WASC-13
Vulnerability Name
Server vulnerabilities and misconfiguration for sensitive information
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C8 CAPEC-21 CWE-200 CWE-200 WASC-14 WSTG-CONF-02
Vulnerability Name
Server-Side Include Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-110 CWE-97 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Server-Side Includes (SSI) injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-101 CWE-97 WASC- 31 WSTG-INPV-08
Vulnerability Name
Server-Side Template Injection
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-94 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
Vulnerability Name
Session Cookie set without 'Secure' Flag but protected by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CAPEC-102 CWE-614 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-15 WSTG-CONF-03
Vulnerability Name
Session Fixation Attack
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API2 OWASP PC-C6 CWE-384 WASC-37
Vulnerability Name
Session ID Leakage via Referer Header
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.11 OWASP PC-C8 CAPEC-127 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N WSTG-SESS-04
Vulnerability Name
Session ID in URL Parameters
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.10 OWASP PC-C6 CAPEC-25 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-SESS-04
Vulnerability Name
Shellshock Remote Code Execution
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.10 OWASP PC-C10 CAPEC-125 CWE-78 Subpart C, HIPAA-164.308(a)(1) ISO27001-A.14.2 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
Vulnerability Name
Silverlight Cross-Domain Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Vulnerability Name
Simple Employee Records System 1.0 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94, HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Site did not return a status code of 200
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-393 WASC-14 WSTG-IDNT-04
Vulnerability Name
Smugmug Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
SolarWinds Database Performance Analyzer 11.1. 457 - Cross-Site Scripting
Classification
CWE-79 CVE-2018-19386 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
SonarQube unauth
Classification
CWE-312 CWE-306 CVE-2020-27986 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Sonicwall SSL VPN ShellShock RCE
Classification
CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Source Code Exposure (CVE-2012-1823)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
Vulnerability Name
Source Code Exposure via File Inclusion
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.2.5 WASC-33 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
Vulnerability Name
Source code disclosure
Classification
OWASP 2013-A5 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 CAPEC-118 CWE-540 HIPAA-164.306(a) ISO27001-A.18.1.3 WASC-13
Vulnerability Name
Split ViewState Configuration
Classification
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C5 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-INFO-03
Vulnerability Name
Splunk Sensitive Information Disclosure
Classification
CWE-200 CVE-2018-11409 CVE-2018-11409
Vulnerability Name
Spring Actuator Endpoint Exposure
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
Vulnerability Name
Spring Boot Actuators (Jolokia) XXE
Classification
OWASP 2013-A1 OWASP 2017-A4 PCI v3.2- OWASP PC-C3 CAPEC-376 CWE-611 HIPAA-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Vulnerability Name
Spring Boot H2 Database RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Spring Data Commons Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-20 WSTG-INPV-11
Vulnerability Name
Spring Framework Vulnerability (Spring4Shell)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-78 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-78 WSTG-NPV-12
Vulnerability Name
Stacked Queries SQL Injection (SQLi)
Classification
CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Stored cross site scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-592 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
Vulnerability Name
Strikingly Takeover Detection
Classification
WSTG-CONF-10
Vulnerability Name
Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-345 WASC-15 WSTG-INFO-05
Vulnerability Name
Subresource Integrity (SRI) implemented, but external scripts are loaded over http
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-INFO-05
Vulnerability Name
Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-11.5.1 OWASP PC-C1 CWE-1214 ISO27001-A.14.2.5 WASC-15
Vulnerability Name
Subrion CMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05 CVE-2017-7615
Vulnerability Name
Suspicious Comments Leak
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Vulnerability Name
Suspicious Comments in XML Leak via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
Symantec SSL/TLS check
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C8 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
Symfony Debug Mode
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-200
Vulnerability Name
Symfony Profiler information leakage
Classification
OWASP 2017-A3 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
Symfony database configuratin exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
Vulnerability Name
TLS Android compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS Edge compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS Firefox compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS Internet Explorer compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS OpenSSL compatability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS Safari compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Vulnerability Name
TLS(Transport Layer Security) protocol version outdated
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 WSTG-CRYP-01
Vulnerability Name
Tabnabbing Attack
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.11 OWASP PC-C4 CAPEC-138 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-11 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N WSTG-ATHZ-06
Vulnerability Name
TerraMaster TOS v4.1.24 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Test For Checking Magic Quotes Gpc is On
Classification
OWASP 2013-A1 OWASP 2017-A1 WASC-13
Vulnerability Name
Test For Oracle Application Server
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C3 WASC-14
Vulnerability Name
Test for checking file uploads
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-17 CWE-434 WASC-14 WSTG-BUSL-09
Vulnerability Name
The DROWN attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-310 WASC-14
Vulnerability Name
The Logjam common primes
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 ISO27001-A.14.1.2 WSTG-CRYP-01
Vulnerability Name
The SWEET32 attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Vulnerability Name
The unseen Drupal
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2
Vulnerability Name
ThinkAdmin 6 - Arbitrarily File Read
Classification
CWE-22 CVE-2020-25540 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Name
ThinkCMF-LFI vulnerability
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Vulnerability Name
ThinkPHP 5.0.22 RCE
Classification
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API8 OWASP PC-C2 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
ThinkPHP 5.0.23 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
ThinkPHP 5.0.9 Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API8 OWASP PC-C2 CWE-200 WSTG-CRYP-03
Vulnerability Name
Thinkcmf RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Tickets option leak uninitialised memory
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-CRYP-01
Vulnerability Name
TileServer GL Reflected XSS
Classification
CWE-79 CVE-2020-15500 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Time based blind SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Time-Based NoSQL Injection (MongoDB)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Vulnerability Name
Timesheet 1.5.3 - Cross Site Scripting
Classification
CVE-2019-1010287 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Totaljs - Unauthenticated Directory Traversal
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WASC-13 WSTG-ATHZ-01
Vulnerability Name
Tpshop Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Trace.axd Information Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 WSTG-CONF-05
Vulnerability Name
Transport Layer Security
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Vulnerability Name
Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
Triconsole 3.75 XSS
Classification
CWE-79 CVE-2021-27330 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Twig PHP less than 2.4.4 template engine - SSTI
Classification
Vulnerability Name
US Social Security Number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
Vulnerability Name
Ultimate PHP Board Data Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2019-1653
Vulnerability Name
Unauthenticated Jenkin Dashboard
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2020-9047 CWE-94
Vulnerability Name
Unauthenticated Multiple D-Link Routers RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC- 31 WSTG-INPV-08
Vulnerability Name
Unauthenticated Oracle WebLogic Server RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Unauthenticated RCE at Mida eFramework on ‘PDC/ajaxreq.php’
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO 27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
Unhandled error in web application
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-209 WASC-13 WSTG-ERRH-01
Vulnerability Name
Union Query SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
Unix Timestamp Exposure
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-168 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
Vulnerability Name
Unrestricted File Upload Vulnerability
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-125 CWE-434 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INFO-06
Vulnerability Name
Unsafe HTTP Method
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-200 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-CONF-06
Vulnerability Name
Unsafe preg_replace usage
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-661 WASC-13
Vulnerability Name
Unsecured HTTPS cookies
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CWE-311 WASC-13 WSTG-SESS-02
Vulnerability Name
Unsecured ViewState (Confirmed MAC Signature Absence)
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
Vulnerability Name
Unsecured ViewState (Possible MAC Signature Absence)
Classification
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-\INFO-03
Vulnerability Name
Unvalidated Document Object Model redirection
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CWE-601 WASC-38
Vulnerability Name
Unvalidated Redirects and Forwards
Classification
OWASP 2013-A10 OWASP 2017-A6 CWE-601 ISO27001-A.14.2.5 WASC-38
Vulnerability Name
Upload Temp Directory is Everyone
Classification
OWASP 2013-A1 OWASP 2017-A1
Vulnerability Name
Use of Vulnerable JavaScript Functions
Classification
OWASP 2017-A7 OWASP 2021-A4 PCI v4.0-6.5.1 OWASP PC-C5 CAPEC-138 CWE-749 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N WSTG-CLNT-02
Vulnerability Name
User Agent Header Fuzzing
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L WSTG-INFO-07
Vulnerability Name
User enumeration via an incorrect authorisation in Jira
Classification
CWE-863 CVE-2019-3403 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
User enumeration via insecure Jira endpoint
Classification
CWE-200 CVE-2020-14181 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Name
User information disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
Vulnerability Name
User-Controlled HTML Attribute (XSS Risk)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-94 CWE-20 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-07
Vulnerability Name
Username Hash Detected
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-2.3 OWASP PC-C8 CAPEC-118 CWE-284 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHZ-04
Vulnerability Name
Username Hash Leak via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-284 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
VBulletin Pre-Auth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO 27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
VBulletin SQLI
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-94 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
VMware View Planner Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
VMware vCenter Unauthenticated Arbitrary File Read
Classification
Vulnerability Name
VMware vCenter Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Vulnerability Name
VRealize Operations Manager API SSRF
Classification
OWASP 2013-A6 OWASP 2017-A5 OWASP 2021-A10 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-19
Vulnerability Name
Vehicle Parking Management System 1.0 - Authentication Bypass
Classification
CVE-2020-23936
Vulnerability Name
Vignette Content Management Vulnerabilty
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-45
Vulnerability Name
Vmware Vcenter LFI for Linux appliances
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
Vulnerability Name
WSDL Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-161 CWE-548 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N WSTG-INFO-06
Vulnerability Name
WSO2 Carbon Management Console - XSS
Classification
CWE-79 CVE-2020-17453 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
Wavemaker Studio 6.6 LFI/SSRF
Classification
CVE-2019-8982 CWE-918
Vulnerability Name
Web Cache Poisoning
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHN-06
Vulnerability Name
WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
Classification
CAPEC-100 CWE-119 WASC-07 WSTG-INPV-13
Vulnerability Name
WebDAV detection
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 ISO27001-A.9.4.4 WASC-15
Vulnerability Name
WebPort 1.19.1 - Reflected Cross-Site Scripting
Classification
CWE-79 CVE-2019-12461 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
WebSocket Debug Message Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
WebSocket Error Information Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-218 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-07
Vulnerability Name
WebSocket via Private IP Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Vulnerability Name
Webflow subdomain takeover detection
Classification
WSTG-CONF-10
Vulnerability Name
Weblogic SSRF in SearchPublicRegistries.jsp
Classification
CWE-918 CVE-2014-4210
Vulnerability Name
Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-78 ISO 27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Vulnerability Name
Website contains Mercurial metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-1230 WASC-13 WSTG-INFO-05
Vulnerability Name
Website contains SVN metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
Vulnerability Name
Website contains git metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
Vulnerability Name
WeiPHP 5.0 Path Traversal
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C2 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
What is HTTP Response Header Injection?
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-105 CWE-93 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-24 WSTG-INFO-08
Vulnerability Name
What is Shellshock vulnerability?
Classification
OWASP 2013-A1 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CAPEC-88 CWE-78 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-31
Vulnerability Name
WordPress Authenticated JavaScript File Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CWE-434 WSTG-INFO-08
Vulnerability Name
WordPress Authenticated SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
WordPress Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C7 CAPEC-115 CWE-287 WASC-01 WSTG-ATHN-04
Vulnerability Name
WordPress Cross-Site Scripting
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
Vulnerability Name
WordPress Default localhost vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-INFO-08 CWE-601
Vulnerability Name
WordPress Directory traversal
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Vulnerability Name
WordPress Escape Version in Generator Tag
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
Vulnerability Name
WordPress Filesystem Credentials Dialog CSRF
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-352 WASC-09 HIPAA-164.306(a) WSTG-SESS-05
Vulnerability Name
WordPress HTML Language Attribute Escaping
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
Vulnerability Name
WordPress Host header attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-24 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-INPV-17
Vulnerability Name
WordPress Improper handling of post metadata check
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-352 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-03
Vulnerability Name
WordPress Insufficient redirect validation
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CLNT-04 WASC-38 CWE-918
Vulnerability Name
WordPress Key Weak Hashing
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CRYP-04 WASC-04 CWE-330
Vulnerability Name
WordPress MediaElement Cross-Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-8
Vulnerability Name
WordPress Multiple Themes Privilege Escalation
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C6 WASC-17 WSTG-ATHZ-03 CAPEC-233 CWE-250
Vulnerability Name
WordPress Open Redirect
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38 WSTG-CLNT-04
Vulnerability Name
WordPress PHP Object Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C3 WSTG-INPV-05
Vulnerability Name
WordPress Plugin Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CAPEC-591 CWE-79 WASC-08 WSTG-INPV-01
Vulnerability Name
WordPress Plugin VideoJS and Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CWE-79 WASC-08
Vulnerability Name
WordPress Plugin Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
Vulnerability Name
WordPress RSS and Atom Feed Escaping
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 CWE-79 WASC-08
Vulnerability Name
WordPress Reflected Cross-Site Scripting
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
Vulnerability Name
WordPress Refraction Theme Multiple Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6
Vulnerability Name
WordPress SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Vulnerability Name
WordPress Server Side Request Forgery (SSRF)
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Vulnerability Name
WordPress Slider Revolution Local File Disclosure
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.8 CAPEC-87 CWE-22 ISO27001-A.14.2.5 WASC-33
Vulnerability Name
WordPress Slider Revolution Shell Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-31
Vulnerability Name
WordPress Stored Cross-Site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
Vulnerability Name
WordPress Theme 'Elegant' Privilege Escalation
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2017-A5 OWASP PC-C7 CWE-250 WASC-17 WSTG-ATHZ-03
Vulnerability Name
WordPress Themes
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
Vulnerability Name
WordPress Themes Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13
Vulnerability Name
WordPress Versions
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-09 ISO27001-A.14.1.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability Name
WordPress VideoJS plugins Cross-site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-05
Vulnerability Name
WordPress WPDB SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 WASC-19
Vulnerability Name
WordPress arbitrary file upload
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CWE-434 WSTG-CONF-03
Vulnerability Name
WordPress blind SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-88 CWE-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Vulnerability Name
WordPress unpatched Denial Of Service (DoS)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C10 CAPEC-469 CWE-400 WASC-10
Vulnerability Name
WordPress unsafe redirect for login
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38
Vulnerability Name
WordPress user enumeration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-310 CWE-200 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-09
Vulnerability Name
Wordpress Themes Email Spoofing
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-151 WASC-12
Vulnerability Name
X-Content-Type-Options header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16
Vulnerability Name
X-Content-Type-Options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-03
Vulnerability Name
X-Frame options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
Vulnerability Name
X-XSS-Protection Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
Vulnerability Name
X-XSS-Protection header invalid
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
Vulnerability Name
X-XSS-protection header disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
Vulnerability Name
X-frames options header cannot be recognized
Classification
OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
Vulnerability Name
XML Entity Expansion Attack
Classification
OWASP 2017-A4 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-121 CWE-776 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-44 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H WSTG-BUSL-09
Vulnerability Name
XML external entity injection
Classification
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Vulnerability Name
XML-RPC (Remote Procedure Call)
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-307 WASC-11
Vulnerability Name
XPath Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-83 CWE-643 WASC-39 WSTG-INPV-09
Vulnerability Name
XPath Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C5 CAPEC-126 CWE-643 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-39 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-09
Vulnerability Name
XSLT Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C,HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-23 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
Vulnerability Name
XSS in Fortigates SSL VPN login page
Classification
CVE-2015-1880 CWE-79
Vulnerability Name
XSS via User Controllable JavaScript Event
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-86 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Name
XXE Vulnerability
Classification
OWASP 2017-A4 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-90 CWE-611 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-43 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-07
Vulnerability Name
XdCMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Vulnerability Name
Yachtcontrol Web application 1.0 - Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2019-17270 CWE-78
Vulnerability Name
YouPHPTube Encoder RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-78 CVSS:AV:N/AC:L/Au:N/C:P/I:P/A:P WSTG-INPV-08
Vulnerability Name
ZZZCMS 1.6.1 RCE
Classification
CVE-2019-9041 CWE-94
Vulnerability Name
Zabbix Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-639 WSTG-SESS-08
Vulnerability Name
Zenphoto Installation Sensitive Information
Classification
CWE-200
Vulnerability Name
Zeroshell 3.9.0 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Vulnerability Name
Zimbra Collaboration XXE
Classification
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Vulnerability Name
atlassian confluence path traversal
Classification
CVE-2019-3396
Vulnerability Name
docker-compose.yml exposure
Classification
OWASP 2017-A5 OWASP 2017-A6 CWE-16 CWE-200 CVSS-4.6
Vulnerability Name
elmah.axd Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 OWASP 2019-API7
Vulnerability Name
etcd Unauthenticated HTTP API Leak
Classification
Vulnerability Name
oday RCE in vBulletin v5.0.0-v5.5.4 fix bypass
Classification
CVE-2019-16759
Vulnerability Name
phpMyAdmin setup page
Classification
CWE-16
Vulnerability Name
rConfig 3.9.5 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2019-16662
Vulnerability Name
simplebooklet takeover detection
Classification
WSTG-CONF-10
Vulnerability Name
trixbox 2.8.0 - directory-traversal
Classification
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-14537 CWE-22
Vulnerability Name
worksites takeover detection
Classification
WSTG-CONF-10