Web Application Vulnerabilities Index
The web application vulnerabilities index lists vulnerabilities according to their severity
and classifies each one by the compliance standards it falls under.
.env File Disclosure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
.htaccess File Disclosure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-186 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
/WEB-INF Source Code Exposure
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-541 Subpart C, HIPAA-164.312 ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-15
403 Forbidden Bypass
- Medium
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-115 CWE-285 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L WSTG-ATHN-04
74cms Sql Injection
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
ACME mini_httpd arbitrary file read
- High
CVE-2018-18778 OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33
AEM QueryBuilder Internal Path Read
- Medium
ASP Code Injection
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-12 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
ASP.NET ViewState Exposure
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
ASP.NET ViewState Integrity Check
- High
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
Administration page exposure
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API7 PCI v3.2-6.5.8 OWASP PC-C7 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34 WSTG-CONF-05
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- High
OWASP 2013-A7 OWASP 2017-A5 CVE-2010-2861 CWE-22
Adobe Cross-Domain Read Misconfiguration
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Adobe Cross-Domain Send Misconfiguration
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Advanced SQL Injection Vulnerability
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Aem Groovy console enabled
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API7 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Agilecrm Takeover Detection
- High
WSTG-CONF-10
Alerta Authentication Bypass
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-287 WSTG-SESS-08
AnchorCMS Error Log Exposure
- Medium
CWE-200 CVE-2018-7251 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Anima Takeover Detection
- High
WSTG-CONF-10
Ansible Configuration Exposure
- High
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Apache .htaccess LIMIT misconfiguration
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-13 WSTG-CONF-02
Apache ActiveMQ XSS
- Medium
CWE-79 CVE-2018-8006 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Apache Airflow Configuration Exposure
- High
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Apache Arbitrary File Upload
- High
OWASP 2013-A5 OWASP 2017-A6 CAPEC-17 WASC-42 CVE-2017-15715 CWE-20
Apache Commons Text Vulnerability (Text4shell)
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Apache CouchDB Remote Privilege Escalation
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2017-12635 CWE-269
Apache Druid RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
Apache Flink Unauth RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-CONF-05
Apache Flink Upload Path Traversal
- Critical
CAPEC-252 CWE-22 ISO27001-A.14.2.5 WASC-33 WSTG-ATHZ-01
Apache Kylin Unauth
- Medium
CWE-922 CVE-2020-13937 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Apache OFBiz RMI deserializes Arbitrary Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache OFBiz Reflected XSS
- Medium
CWE-79 CVE-2020-1943 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Apache OFBiz XML-RPC Java Deserialization
- Medium
CWE-79 CWE-502 CVE-2020-9496 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Apache Range Header Denial of Service
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.6 OWASP PC-C10 CAPEC-137 CWE-400 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Apache S2-032 Struts RCE
- High
CVE-2016-3081 CWE-77
Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache Solr greater than 8.8.1 Arbitrary File Read
- High
Apache Solr less than or equal 8.8.1 SSRF
- Medium
CWE-918 CVE-2021-27905 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08
Apache Struts 2 S2-008 RCE1
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-264 ISO27001-A.14.2.5 WSTG-INPV-08
Apache Struts RCE
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache Struts2 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
Apache Struts2 S2-001 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:2/AV:N/AC:L/Au:N/C:P/I:N/A:N WSTG-INPV-08
Apache Struts2 S2-012 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:M/Au:N/C:C/I:C/A:C WSTG-INPV-08
Apache Struts2 S2-052 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache Struts2 S2-053 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache Struts2 S2-057 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-917 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Apache Tomcat JK Status Manager Access
- Medium
CWE-22 CVE-2018-11759 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Apache Tomcat Open Redirect
- Medium
CWE-601 CVE-2018-11784 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Apache Tomcat Remote Code Execution (RCE)
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
Apache mod_perl Status Page Exposure
- Medium
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C CAPEC-347 ISO27001-A.18.1.3 WASC-14
Apache mod_proxy HTML Injection / Partial XSS
- Medium
CWE-79 CVE-2019-10092 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Apache tika 1.15-1.17 header command injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-11
AppServ Open Project 2.5.10 and earlier XSS
- Medium
CWE-79 CVE-2008-2398
Application error disclosure
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API7 OWASP PC-C10 CWE-200 WSTG-ERRH-01
Artica Web Proxy 4.30 Authentication Bypass
- Critical
CVE-2020-17506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-89 OWASP 2013-A2 OWASP 2017-A2
Artifactory Access-Admin Login Bypass
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7
Aryanic HighMail (High CMS) XSS
- Medium
CWE-79 CVE-2020-23517 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atlassian Confluence Status-List XSS
- Medium
CVE-2018-5230
Atlassian Confluence configuration files read
- Medium
CWE-200 CVE-2015-8399 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N WSTG-INPV-08
Atlassian Jira WallboardServlet XSS
- Medium
CWE-79 CVE-2018-20824 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atlassian Jira template injection vulnerabilities
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-CLNT-03
Authentication bypass and stored cross site scripting
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 PCI v3.2-6.5.7 OWASP PC-C4 CWE-79 WASC-08 WSTG-INPV-02
Auto complete not disabled
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-15
Backup File Exposure
- Medium
OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-2.3 OWASP PC-C7 CAPEC-186 CWE-530 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
Base64 Encoded Data Exposure
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.16 OWASP PC-C8 CAPEC-170 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Base64 Encoded Data Leak in WebSocket
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-319 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Bash command injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WSTG-INPV-12 WASC-31
Bigcartel Takeover Detection
- High
WSTG-CONF-10
Blind OS command injection using timing attack
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.306(a) & HIPAA-64.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Blind Server-Side Template Injection
- High
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-74 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
Boolean based blind SQL Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Browser exploit against SSL/TLS (BEAST attack)
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Brute force in IIS
- Info
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-151 CWE-151 WASC-12
Buffer Overflow Vulnerability
- Medium
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-100 CWE-120 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Buffer overflow vulnerability
- High
OWASP 2013-A9 OWASP 2017-A9 CAPEC-100 CWE-120 WASC-7 WSTG-INPV-13
Bullwark Momentum Series JAWS 1.0 - Directory Traversal
- High
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WSTG-ATHZ-01 WASC-13
Bypassing Authentication on NETGEAR Routers
- Medium
CWE-200 CVE-2017-5521 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CMSimple 3.1 - Local File Inclusion
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2008-2650
CRLF Injection
- Low
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CWE-113 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-24 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H WSTG-INPV-15
CRLF Injection - Sercomm VD625
- Medium
CVE-2021-27132 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CRLF injection vulnerability
- Medium
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-113 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-25 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-05
CSRF Token Missing
- Medium
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.6 OWASP PC-C5 CAPEC-62 CWE-352 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-SESS-05
CVE-2017-7615
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08 CVE-2017-7615 CWE-640
CVE-2017-9841
- High
CVE-2017-9841 CWE-94
Cacheable and Storable Content
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.6 OWASP PC-C8 CAPEC-186 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Cached Data Retrieved
- Low
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v4.0-3.7 OWASP PC-C8 CAPEC-170 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.4 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Campaignmonitor Takeover Detection
- High
WSTG-CONF-10
Captcha image detected
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-804 WSTG-ATHN-03
Cargo Takeover Detection
- High
WSTG-CONF-10
Character Set Mismatch
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-105 CWE-436 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-09
Charset Manipulation Vulnerability
- Low
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L WSTG-INFO-01
ChromeLogger Data Leak
- Medium
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.15 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Cisco ASA path traversal vulnerability
- Medium
CWE-22 CVE-2018-0296 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Cisco IOS 12.2(55)SE11 Remote Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Citrix ADC Directory Traversal
- High
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 CVE-2019-19781
Clickjacking attack
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-103 CWE-1021 WASC-15 WSTG-CLNT-09
Clockwork PHP Page Exposure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Cloud Metadata Disclosure
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Cobub Razor 0.8.0 Physical path Leakage Vulnerability
- Medium
CWE-200 CVE-2018-8770 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Cockpit prior to 0.12.0 NoSQL injection in /auth/check
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N WSTG-INPV-11
Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Code Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C3 CAPEC-242 CWE-94 WASC-31 WSTG-INPV-11
Common Administration Interfaces
- High
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C7 CAPEC-1 WASC-15
Common backdoors
- Critical
OWASP 2013-A5 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-507 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Common gateway interface vulnerability
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-14
Comodo Unified Threat Management Web Console 2.7.0 - RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
Content Security Policy (CSP) header cannot be parsed successfully
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
Content Security Policy (CSP) header not implemented
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Content Security Policy (CSP) implemented with insecure scheme
- Low
CONTENT SECURITY POLICY OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Content Security Policy (CSP) implemented with the insecure scheme in passive content only
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
Content Security Policy (CSP) implemented with unsafe-eval
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Content Security Policy implemented with unsafe inline
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-79 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Content Type Header Missing
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15
Cookie Poisoning
- Low
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-565 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N WSTG-INFO-05
Cookie session without 'HttpOnly' flag
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-104 WASC-14 WSTG-SESS-02
Cookie set without 'Secure' flag
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-102 CWE-614 ISO27001-A.14.1.2 WASC-15 WSTG-SESS-02
Cookie without 'Secure' flag but protect by HSTS
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-614 WASC-15 WSTG-CONF-07
Coremail Config Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Create an Administrative User in SAP NetWeaver AS JAVA
- Critical
CVE-2020-6287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-287 OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4
Credit card number disclosure
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.3 OWASP PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13 WSTG-ATHN-06
Cross Domain JavaScript Source File Inclusion
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-829 WASC-13
Cross Origin Resource Sharing Implemented With Restricted Access
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Cross Origin Resource Sharing Not Implemented
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Cross Site Scripting (Persistent)
- High
OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C5 CAPEC-63 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N WSTG-INPV-02
Cross Site Scripting in Oracle Secure Global Desktop Administration Console
- High
OWASP 2013-A3 OWASP 2013-A7 PCI v3.2- OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01
Cross origin Resource Sharing Implemented With Public Access
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
Cross-Domain Security Misconfiguration
- Medium
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-03
Cross-Origin Resource Sharing XML cannot be parsed
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-94 WASC-14 WSTG-CLNT-07
Cross-Origin Resource Sharing implemented with universal access
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-14 WSTG-CLNT-07
Cross-Origin-Opener-Policy Misconfiguration
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-222 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-14 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L WSTG-INFO-09
Cross-Site Scripting (XSS)
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
Cross-site request forgery attack
- Medium
OWASP 2013-A8 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.9 CAPEC-62 CWE-352 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-09 WSTG-SESS-05
Cross-site tracing (XST) vulnerability
- Info
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-107 CWE-200 WASC-14 WSTG-CONF-06
D-Link arbitrary file upload
- High
OWASP 2013-A6 OWASP 2017-A6 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
DLINK DSL 2888a RCE
- Medium
CWE-287 CVE-2020-24579 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
DOM-Based XSS Vulnerability
- High
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-114 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CLNT-01
Database can be read without authentication
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C3 CWE-306 WASC-01
DedeCMS 5.7 path disclosure
- Medium
CWE-200 CVE-2018-6910 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Default Credentials of WMT Server
- Critical
CVE-2020-35338 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-798 OWASP 2013-A2 OWASP 2017-A2
Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
- Critical
CWE-74 OWASP 2013-A1 OWASP 2017-A1 CVE-2016-5685 CVSS Score 9.0
Deltek Maconomy 2.2.5 LFI
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11 CVE-2019-12314
Deprecated ASP.NET Version
- Low
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-2.2.1 OWASP PC-C10 CAPEC-310 CWE-642 Subpart C, HIPAA-164.312(a)(2) ISO27001-A.12.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-06
Detect Springboot Env Actuator
- High
Directory Indexing
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-6.5.1 OWASP PC-C4 CAPEC-104 CWE-538 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.11.2.1 WASC-7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Directory traversal attacks
- Critical
CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Directory traversal in Cisco ASA & Cisco Firepower
- Medium
CWE-20 CVE-2020-3452 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
- High
CVE-2017-12637 CWE-22
Django Debug Method Enabled
- Medium
Dl PHP cgi.force_redirect disabled
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-305 WASC-13 WSTG-INPV-08
Dockerrun AWS configuration exposure
- High
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Document Object Model Based Cross Site Scripting
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
Document Object Model Cross Site Scripting on WordPress
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
Does not redirect to a HTTPS site from HTTP port
- Info
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-818 WSTG-CLNT-04
DrayTek pre-auth RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Druid Monitor Unauthorized Access
- High
Drupal 8 core RESTful Web Services RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-08
Drupal Drupalgeddon 2 RCE
- Critical
CVE-2018-7600 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
DuomiCMS SQL Injection
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 WASC-19 WSTG-INPV-05 CVE-2018-18084 CWE-89
EEA Information Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
EL Injection (Expression Language Injection)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-102 CWE-917 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
ELMAH Log Disclosure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-94 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
EMerge E3 1.00-06 - Remote Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-798 WSTG-INPV-08
EYou E-Mail system RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Eclipse Jetty Remote Leakage
- Medium
CWE-200 CVE-2015-2080 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ElasticSearch 1.4.0/1.4.2 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-284 WSTG-INPV-08
ElasticSearch v1.1.1/1.2 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N WSTG-INPV-08
Elasticsearch Head plugin LFI
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Email Addresses in ViewState
- Medium
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
Email Disclosure via WebSocket
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Email address disclosure
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 OWASP PC-C7 CAPEC-118 CWE-200 ISO27001-A.9.4.1 WASC-13 WSTG-IDNT-04
Emby server SSRF
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.1 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Error based SQL Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Etouch v2 SQL Injection
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Eval injection
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-95 WASC-20 WSTG-INPV-12
Excessive Redirects Causing Sensitive Data Leakage
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Exchange Server SSRF Vulnerability
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 ISO27001-A.14.2.5 CVSS:3.0 9.1 / 8.4 WSTG-INPV-19
Exposed SVN directory
- High
OWASP 2013-A5 OWASP 2017-A6 CWE-527 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CAPEC-118 ISO27001-A.9.4.1 WASC-13
Exposed pprof
- Medium
CVE-2019-11248 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
External redirection
- Info
OWASP 2013-A10 OWASP 2017-A1 OWASP 2021-A3 CWE-601 WASC-38 WSTG-CLNT-04
F5 BIG-IP iControl REST unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Feifeicms Local File Read
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
File Content Disclosure on Rails
- Medium
CVE-2019-5418 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
File handling vulnerability
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C10 CAPEC-165 CWE-1219 WSTG-CONF-03
Fingerprinting Web Application Framework using HTTP headers
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-170 CWE-16
Fingerprinting Web Server
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C7 CAPEC-224 CWE-200 ISO27001-A.18.1.3 WASC-45 WSTG-INFO-02
Format String Vulnerability
- Critical
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-97 CWE-134 Subpart C, HIPAA-164.312(d) ISO27001-A.13.8.5 WASC-6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
FortiLogger Unauthenticated Arbitrary File Upload
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-434 WSTG-CONF-03
FortiWeb Unauthenticated XSS
- Medium
CVE-2021-22122 CWE-79
Fortinet FortiOS Cross-Site Scripting
- Medium
CWE-79 CVE-2018-13380 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
FuelCMS 1.4.1 - Remote Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Full Path Disclosure
- Low
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ERRH-01
Full path disclosure (FPD) vulnerability
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 CAPEC-126 WASC-13 WSTG-INFO-09
Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
- Medium
CWE-610 CVE-2020-5412 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Geddy before v13.0.8 LFI
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2015-5688 CWE-22
Getresponse Takeover Detection
- High
WSTG-CONF-10
Ghostcat Vulnerability (CVE-2020-1938)
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-13
Git Repository Exposure
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-04
GlassFish LFI
- High
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028 CWE-22
Grafana unauthenticated API
- Medium
CVE-2019-15043 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-306
Guessable credentials found
- Info
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C8 CAPEC-560 CWE-287 WASC-18 WSTG-ATHN-02
HA Proxy Statistics
- Medium
CWE-16
HTML injection
- Medium
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-242 CWE-80 WASC-08 WSTG-CLNT-03
HTTP Method Vulnerability Found
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2017-A6 OWASP 2019-API7 CWE-650 WASC-14 WSTG-CONF-06
HTTP Only Website
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C2 CAPEC-315 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-V42-SESS-02
HTTP Parameter Manipulation
- Medium
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.8 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-ATHZ-04
HTTP Public Key Pinning (HPKP) header cannot be recognised
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
HTTP Response Splitting Vulnerability
- Medium
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-34 CWE-113 WASC-25 WSTG-INPV-15
HTTP Strict Transport Security (HSTS) header cannot be recognised
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
HTTP Strict Transport Security (HSTS) header not implemented
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-217 CWE-523 ISO27001-A.14.1.2 WASC-04 WSTG-CONF-07
HTTP Strict Transport Security (HSTS) header on the invalid certificate chain
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
HTTP Strict Transport Security (HSTS) header set to less than six months
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
HTTP Strict Transport Security header not available over HTTPS
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C10 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
HTTPS Content Accessible via HTTP
- Low
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C8 CAPEC-170 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Harbor Enables Privilege Escalation From Zero to admin
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N WSTG-ATHZ-03
Hatenablog takeover detection
- High
WSTG-CONF-10
Heartbleed Vulnerability
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Heartbleed vulnerability
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.2 OWASP PC-C1 CAPEC-216 CWE-119 ISO27001-A.14.2.5 WASC-04 WSTG-CRYP-01
Helpscout Takeover Detection
- High
WSTG-CONF-10
Hidden File Exposure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-538 Subpart C, HIPAA-164.312(a)(2)(iv) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-CONF-05
Hikvision Authentication Bypass
- High
CVE-2017-7921
Horde Groupware Unauthenticated
- Critical
CVSS score 7.5 CWE 284 OWASP 2013-A1 OWASP 2017-A1 CVE-2015-1427
Htaccess Bypass
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-250 WASC-14 WSTG-CONF-02
Httpoxy - Unsafe Proxy Header Usage
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.9 OWASP PC-C5 CAPEC-111 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-V4.2-INFO-07
IBM DB Boolean based blind sql injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
ILO4 Authentication bypass
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-SESS-08
IP Addresses in ViewState
- Medium
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
IceWarp Less Than 10.4.4 - Local File Inclusion
- High
CVE-2019-8982 CWE-918
IceWarp WebMail Reflected XSS
- Medium
CVE-2020-27982 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
IceWarp WebMail XSS
- Medium
CWE-79 CVE-2020-8512 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Image Privacy Data Exposure
- Low
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.8 OWASP PC-C8 CAPEC-169 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
Improper Access Control
- High
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-115 CWE-287 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
Improper Cache-Control Configuration
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-525 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Information Leak in Page Banner
- Low
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.9 OWASP PC-C9 CAPEC-26 CWE-200 ISO27001-A.14.2.5 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-INFO-02
Information leakage in EXIF data of images
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-200 ISO27001-A.18.1.3 WASC-13 WSTG-INFO-05
Information leakage of the web application's directory or folder path
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 OWASP PC-C10 CAPEC-118 CWE-22 ISO27001-A.18.1.4 WASC-13 WSTG-INFO-03
Information leakage using meta tag
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CWE-200 WASC-13 WSTG-INFO-05
Inline queries SQL injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Insecure Authentication Method
- Medium
OWASP 2017-A2 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-111 CWE-326 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
Insecure File Upload
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-17 CWE-434 WASC-42 WSTG-BUSL-09
Insecure FrontPage extension configuration
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 HIPAA-164.306(a) WASC-13
Insecure HTTP to HTTPS Form Transition
- Medium
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Insecure HTTPS to HTTP Form Transition
- Medium
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
Insecure JavaServer Faces ViewState
- Medium
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Insecure RIA cross domain policy
- High
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-15 WSTG-CONF-08
Insecure Redirection
- Medium
OWASP 2013-A10 OWASP 2017-A5 OWASP 2021-A1 CWE-601 WASC-38 WSTG-CLNT-04
Insecurely Scoped Cookie
- Low
OWASP 2017-A6 OWASP 2021-A8 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-118 CWE-565 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
Inspur ClusterEngine V4.0 RCE
- Critical
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
Integer Overflow Vulnerability
- Medium
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-128 CWE-190 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
Intercom Takeover Detection
- High
WSTG-CONF-10
Intermediate TLS compatibility
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Invalid certificate chain encountered during redirection
- Low
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-297 WSTG-CLNT-04
JIRA Directory Traversal
- Medium
CVE-2019-8442 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
JIRA SSRF
- Medium
CWE-918 CVE-2019-8451 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
JIRA Unauthenticated Sensitive Information Disclosure
- Medium
CVE-2019-8449 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
JSON Web Token (JWT) Vulnerability
- Medium
OWASP 2017-A2 OWASP 2021-A7 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-234 CWE-347 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Java Deserialization Vulnerability
- Medium
OWASP 2017-A8 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-120 CWE-502 Subpart C, HIPAA-164.312(e)(2)(i) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2021-21402
Jenkins Audit Trail Plugin XSS
- Medium
CWE-79 CVE-2020-2140 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Jenkins 2.138 Remote Command Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-08
Jenkins Gitlab Hook XSS
- Medium
CWE-79 CVE-2020-2096 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
- Medium
CWE-79 CVE-2010-4240
Jenzabar v9.20-v9.2.2 XSS
- Medium
CWE-79 CVE-2021-26723 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Jira - Reflected XSS using searchOwnerUserName parameter
- Medium
CWE-79 CVE-2019-3402 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Jira IconURIServlet SSRF
- High
OWASP 2013-A5 OWASP 2017-A6 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Jira Subversion ALM for enterprise XSS
- Medium
CWE-79 CVE-2020-9344 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Jnoj Directory Traversal for file reading (LFI)
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CVE-2019-17538 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Jolokia XSS
- High
CVE-2018-1000129 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Joomla Core SQL Injection
- High
CVE-2015-7297 CWE-89
Joomla Core vulnerability
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79
Joomla Debug Mode status
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
Joomla SQL Injection
- High
CVE-2017-8917 CWE-89
Joomla User Registration Process
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
Joomla admin page
- Low
OWASP 2013-A7 OWASP 2017-A4 OWASP 2021-A1 PCI v3.2-6.5.8 OWASP PC-C6 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34
Joomla common log files
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-532 WASC-20
Kentico CMS Insecure Deserialization RCE
- Critical
OWASP 2013-A1 OWASP 2017-A8 OWASP 2021-A8 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502
Kibana Timelion Arbitrary Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Klog Server Unauthenticated Command Injection
- Critical
CVE-2020-35729 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-35749 CWE-22 OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-118 ISO27001-A.18.1.4 WASC-13
LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CVE-2021-3129
LDAP Injection Attack
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-255 CWE-90 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-29 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-06
Lack of wildcard DNS entry found
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-155
Lanproxy Directory Traversal
- Medium
CWE-22 CVE-2021-3019 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Laravel Debug Enabled
- Medium
CWE-16 PCI v3.1-6.5.5 PCI v3.2-6.5.5 CAPEC-214 ISO27001-A.14.1.2 WASC-14 OWASP 2013-A5 OWASP 2017-A6
Laravel Telescope Disclosure
- Medium
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
Laravel log file publicly accessible
- High
OWASP 2013-A6 OWASP 2017-A3 CWE-538 OWASP PC-C8 WSTG-CRYP-03
Liferay Portal Unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO 27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Lightweight Directory Access Protocol (LDAP) injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-136 CWE-20 WASC-29 WSTG-INPV-06
LinkedIn Oncall 1.4.0 XSS
- Medium
CWE-79 CVE-2021-26722 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
LinuxKI Toolset 6.01 Remote Command Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 ISO 27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Local File Inclusion
- High
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.8 CAPEC-252 CWE-22 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Log4j Vulnerability
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C2 WSTG-INPV-08
Log4j Vulnerability (CVE-2021-44228)
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Log4j Vulnerability (CVE-2021-45046)
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Logjam attack against the TLS protocol
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306 ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
Loose Cookie Security Detection
- Low
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-205 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
MD4/MD5 Hash Exposure
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-2.3 OWASP PC-C8 CAPEC-310 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
MX injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-183 CWE-77 WASC-30 WSTG-INPV-10
Magento Config Disclosure
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
Magmi – Cross-Site Scripting v.0.7.22
- Medium
CWE-79 CVE-2017-7391 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Majordomo2 - SMTP/HTTP Directory Traversal
- High
OWASP 2013-A7 OWASP 2017-A5 CVE-2011-0049 CWE-22 CAPEC-213
Mara CMS 7.5 - Reflected Cross-Site Scripting
- Medium
CWE-79 CVE-2020-24223 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
McAfee ePolicy Orchestrator RCE
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
McAfee ePolicy Orchestrator Reflected XSS
- Medium
CWE-79 CVE-2020-7318 CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Memcached Injection
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CWE-502 WASC-07
Meridian Integrated Personal Call Director Password Disclosure
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CWE-200 WASC-13 WSTG-ATHN-03
MetInfo 6.0.0/6.1.0 LFI
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Micro Focus UCMDB RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
MicroStrategy tinyurl - BSSRF
- High
OWASP 2013-A5 OWASP 2017-A6 CWE-918 ISO 27001-A.14.2.5 WASC-20 WSTG-INPV-19
Microsoft RDS Arbitrary Remote Command Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C5 CWE-78 WASC-31
Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-346 ISO27001-A.14.2.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-08
Microsoft Site Server Information Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 WASC-14 WSTG-INFO-09
Misconfigured Docker on Default Port
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 WASC-15
Missing Fallback Signaling Cipher Suite Value
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-757 WASC-13
Missing Subresource Integrity (SRI) Attribute
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-109 CWE-345 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-02
Modern Events Calendar Lite less than 5.16.5 - Unauthenticated Events Export
- High
OWASP 2013-A7 OWASP 2017-A5 CVE-2021-24146 CWE-284
Modern TLS compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 HIPAA-164.306 WASC-13 WSTG-CRYP-01
Moodle filter_jmol - LFI
- High
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028
Multiple Redirects Detected (Potential Info Leak)
- Low
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
MySQL Dump Files
- Medium
CWE-530 CWE-89 CWE-200 CVE-2016-5483
NUUO NVRmini 2 3.0.8 Local File Disclosure
- High
NeDi 1.9C XSS
- Medium
CWE-79 CVE-2020-14413 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Neon Dashboard - XSS Reflected
- Medium
CWE-79 CVE-2019-20141 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Netrc Config File
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-538 WSTG-CRYP-03
Netsweeper WebAdmin unixlogin.php Python Code Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Next.js .next/ limited path traversal
- Medium
CWE-22 CVE-2020-5284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Nextjs v2.4.1 LFI
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Nginx off-by-slash exposes Git config
- Medium
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
Nginx virtual host traffic status module XSS
- Medium
CWE-79
NoSQL Injection (MongoDB)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
Node.js greater than or equal to 8.5.0 and less than 8.6.0 Directory Traversal
- High
OWASP 2013-A7 OWASP 2017-A5 CVE-2017-14849 CWE-22
Node.js Systeminformation Command Injection
- High
CVE-2021-21315
Non-Cacheable Content
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.4 OWASP PC-C8 CAPEC-168 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
Nostromo 1.9.6 - Remote Code Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Nuxeo Authentication Bypass Remote Code Execution
- High
CVE-2018-16341
OA TongDa Path Traversal
- Critical
OWASP 2013-A7 OWASP 2017-A5 CWE-22
OOB XSS Vulnerability
- High
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C9 CAPEC-174 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INPV-01
Obtain plaintext by observing length differences
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
Odoo 12.0 - Local File Inclusion
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
Old Backup and Unreferenced files
- Medium
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A5 OWASP 2019-API9 CWE-530 WASC-34
Old TLS backward compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
Open Redirect
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.7 OWASP PC-C2 CAPEC-601 CWE-601 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-38 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-CLNT-04
Open Redirect in EpiServer
- Medium
CWE-601 CVE-2020-24550 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Open WebSocket
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-352 WASC-13
Open-School 3.0/Community Edition 2.3 - Cross Site Scripting
- Medium
CWE-79 CVE-2019-14696 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Open-redirect in Traefik
- Medium
CWE-601 CVE-2020-15129 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Openfire Full Read SSRF
- Critical
CVE-2019-18394 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Openfire LFI
- High
CVE-2019-18394 CWE-918
Oracle Business Intelligence Path Traversal
- High
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Oracle Content Server XSS
- Medium
CWE-79 CVE-2017-10075 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Oracle WebCenter Sites XSS
- Medium
CVE-2018-2791 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Oracle WebLogic RCE
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Oracle WebLogic Server Administration Console Handle RCE
- Critical
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Oracle Weblogic Server Unauthenticated RCE
- Critical
CVE-2019-2725 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Origin Spoof Access Restriction Bypass
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-15
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability
- High
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
PHP Config contain database IDs and passwords
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13
PHP Source Code Exposure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-540 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
PHP code injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-242 CWE-94 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-20 WSTG-INPV-11
PHP post_max_size shown in phpinfo()
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-16 ISO27001-A.18.1.3 WASC-13
PHP session.use_trans_sid Session Hijacking
- Medium
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-593 CWE-16 WASC-15 WSTG-SESS-09
PHP-FPM Vulnerability (CVE-2019-11043) with NGINX
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-787
PII Disclosure via WebSocket
- High
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
PMB 5.6 - 'chemin' Local File Disclosure
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CWE-22
POODLE Attack
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
PUT method enabled
- High
OWASP 2013-A5 OWASP 2017-A6 CWE-650 WASC-14
PacsOne Server XSS
- Medium
CWE-79 CVE-2020-29164 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Padding Oracle Attack
- High
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-166 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CRYP-02
Palo Alto Networks Reflected XSS
- Medium
CWE-79 CVE-2020-2036 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Parameter Pollution Attack
- Low
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-460 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-07
Parameter tampering attack
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API1 OWASP PC-C5 CAPEC-460 CWE-233 WASC-20 WSTG-INPV-04
Password Autocomplete in Browser
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-464 CWE-16 ISO27001-A.14.1.2 WASC-15
Path Traversal Vulnerability
- Medium
OWASP 2013-A4 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.3 OWASP PC-C5 CAPEC-166 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Personally Identifiable Information Disclosure
- High
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-3.3 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.8.2.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
PhpMyAdmin 4.8.1 Remote File Inclusion
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
- High
OWASP 2013-A1 OWASP 2017-A8 CWE-502
PhpMyExplorer Directory traversal
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Phpinfo() Memory Limit
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Phpinfo() Open Base Directory Is Disabled
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Phpinfo() PHP Magic Quotes Gpc is On
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Phpinfo() Upload Max Filesize
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Potential Heartbleed Vulnerability
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.12.6.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Potential Username Enumeration
- Low
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C6 CAPEC-124 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-IDNT-04
Potential web backdoor
- Critical
OWASP 2013-A10 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-912 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 WSTG-INFO-09
Potentially dangerous file
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-17 CWE-434 HIPAA-164.306(a)
Private IP Disclosure
- Low
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
Private IP address disclosure
- Info
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 ISO27001-A.18.1.4 WASC-13 WSTG-CRYP-03
ProFTPd RCE
- High
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2015-3306 CWE-284
Processing of Change Cipher Spec
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
Properties File Exposure in /WEB-INF
- High
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
Proposify Takeover Detection
- High
WSTG-CONF-10
Proxy Information Disclosure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
Publicly Writable Directory
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C7 CWE-379 WASC-13
Pulse Connect Secure SSL VPN arbitrary file read vulnerability
- High
OWASP 2013-A7 OWASP 2017-A5 CVE-2019-11510 CWE-22
Qi anxin Netkang Next Generation Firewall RCE
- Critical
CWE-94 OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Query hashed password via QueryBuilder Servlet
- Medium
RCE in MobileIron Core & Connector
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
ROBOT Attack (Bleichenbacher RSA)
- Medium
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-203 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C WSTG-CRYP-01
Rack-Mini-Profiler Environment Information Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-287
Rails Asset Pipeline Directory Traversal Vulnerability
- High
CVE-2018-3760 CWE-200 OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 WSTG-CRYP-03
Rails debug mode enabled
- Medium
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CAPEC-214 PCI v3.1-6.5.5 PCI v3.2-6.5.5 ISO 27001-A.14.1.1 WASC-14
Redirection from HTTP to HTTPS to a different host preventing HSTS
- Medium
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CLNT-04
Redirects to HTTPS eventually, but initial redirection is to another HTTP URL
- Medium
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
Redirects, but final destination is not an HTTPS URL
- Info
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
Redwood v4.3.4.5-v4.5.3 XSS
- Medium
CWE-79 CVE-2021-26710 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Referrer-Policy header set unsafely
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200
Referrer-policy header cannot be recognized
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200 ISO27001-A.14.2.5 WASC-20
Reflected Cross Site Scripting
- High
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
Reflected File Download vulnerability
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-375 CWE-840 ISO27001-A.14.2.5 WASC-42
Regular expression Denial of Service vulnerability (ReDoS)
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-492 CWE-400 ISO27001-A.14.1.2 WASC-10
Remote Code Execution (CVE-2012-1823)
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-120 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
Remote OS Command injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Remote access code
- Medium
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API5 CWE-287 WASC-01
Remote file inclusion
- Medium
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-193 CWE-98 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-05 WSTG-INPV-11
Renegotiation allowing insertion of data into HTTPS sessions
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
Revealing phpinfo()
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Revive Adserver XSS
- Medium
CWE-79 CVE-2020-8115 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
RockMongo V1.1.8 XSS
- Medium
CWE-79
RocketChat Unauthenticated Read Access
- Critical
RocketChat unauthenticated email enumeration
- Medium
CWE-203 CVE-2020-28208 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Rosetta Flash vulnerability
- Info
OWASP 2013-A5 OWASP 2017-A1 OWASP 2021-A3 CWE-352 WASC-15 WSTG-CLNT-08
Rstudio Shiny Server Directory Traversal
- Medium
CWE-22 CVE-2021-3374 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ruijie Information Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
- High
CWE-22 OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2
Ruijie Smartweb Management System Password Information Disclosure
- High
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
Rumpus FTP Web File Manager 8.2.9.1 XSS
- Medium
CWE-79 CVE-2019-19368 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SFTP credentials exposure
- Medium
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N ISO27001-A.18.1.3 WASC-15
SMBGhost Vulnerability (CVE-2020-0796)
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-119
SOAP Action Header Spoofing
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-109 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N WSTG-VATHZ-04
SOAP XML Injection Vulnerability
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
SQL Injection (Hypersonic SQL)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL Injection (MySQL)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL Injection (Oracle)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL Injection (PostgreSQL)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL Injection (SQLite)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL Injection Vulnerability
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
SQL injection (SQLi)
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
SRI HTML not parsable
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-14
SSL compression methods
- Medium
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 WSTG-CRYP-01
SSL (Secure Sockets Layer) protocol version outdated
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-CRYP-01
SSRF Vulnerability
- High
OWASP 2017-A5 OWASP 2021-A10 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-152 CWE-918 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-19
SVN Repository Exposure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-05
SaltStack Shell Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC-31
SaltStack wheel async unauth access
- Critical
OWASP 2013-A2 OWASP 2017-A2 CVE-2020-11651 CVSS Score 7.5 CWE-20
Samsung WLAN AP (WEA453e) RCE
- Critical
CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Sangfor EDR 3.2.17R1/3.2.21 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Sensitive Data in URL
- Low
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-312 CWE-200 Subpart C, HIPAA-164.312(a)(2)(i) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N WSTG-INFO-08
Sensitive data exposure via insecure Jira endpoint
- Medium
CWE-200 CVE-2020-14179 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Server Certificate Validation Through OCSP Stapling
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-299 WASC-13
Server vulnerabilities and misconfiguration for sensitive information
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C8 CAPEC-21 CWE-200 WASC-14 WSTG-CONF-02
Server-Side Include Vulnerability
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-110 CWE-97 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Server-Side Includes (SSI) injection
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-101 CWE-97 WASC-31 WSTG-INPV-08
Server-Side Template Injection
- High
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-94 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
Session Cookie set without 'Secure' Flag but protected by HSTS
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CAPEC-102 CWE-614 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-15 WSTG-CONF-03
Session Fixation Attack
- High
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API2 OWASP PC-C6 CWE-384 WASC-37
Session ID Leakage via Referer Header
- Medium
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.11 OWASP PC-C8 CAPEC-127 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N WSTG-SESS-04
Session ID in URL Parameters
- Medium
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.10 OWASP PC-C6 CAPEC-25 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-SESS-04
Shellshock Remote Code Execution
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.10 OWASP PC-C10 CAPEC-125 CWE-78 Subpart C, HIPAA-164.308(a)(1) ISO27001-A.14.2 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
Silverlight Cross-Domain Misconfiguration
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
Simple Employee Records System 1.0 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Simplebooklet takeover detection
- High
WSTG-CONF-10
Site did not return a status code of 200
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-393 WASC-14 WSTG-IDNT-04
Smugmug Takeover Detection
- High
WSTG-CONF-10
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
- Medium
CWE-79 CVE-2018-19386 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SonarQube unauth
- Medium
CWE-312 CWE-306 CVE-2020-27986 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Sonicwall SSL VPN ShellShock RCE
- Critical
CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Source Code Exposure (CVE-2012-1823)
- High
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
Source Code Exposure via File Inclusion
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.2.5 WASC-33 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
Source code disclosure
- Critical
OWASP 2013-A5 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 CAPEC-118 CWE-540 HIPAA-164.306(a) ISO27001-A.18.1.3 WASC-13
Split ViewState Configuration
- Low
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C5 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-INFO-03
Splunk sensitive information disclosure
- Medium
CWE-200 CVE-2018-11409
Spring Actuator Endpoint Exposure
- Medium
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
Spring Boot Actuators (Jolokia) XXE
- High
OWASP 2013-A1 OWASP 2017-A4 PCI v3.2- OWASP PC-C3 CAPEC-376 CWE-611 HIPAA-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Spring Boot H2 database RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Spring Data Commons Unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-20 WSTG-INPV-11
Spring Framework Vulnerability (Spring4Shell)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-78 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-78 WSTG-INPV-12
Stacked Queries SQL Injection (SQLi)
- Critical
CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Stored cross site scripting
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-592 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
Strikingly Takeover Detection
- High
WSTG-CONF-10
Subresource Integrity (SRI) not implemented, but all external scripts are loaded securely
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-345 WASC-15 WSTG-INFO-05
Subresource Integrity (SRI) implemented, but external scripts are loaded over http
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-INFO-05
Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-11.5.1 OWASP PC-C1 CWE-1214 ISO27001-A.14.2.5 WASC-15
Subrion CMS SQL injection
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05 CVE-2017-7615
Suspicious Comments Leak
- Low
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
Suspicious Comments in XML Leak via WebSocket
- Low
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Symantec SSL/TLS check
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C8 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Symfony Debug Mode
- High
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-200
Symfony Profiler information leakage
- Medium
OWASP 2017-A3 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Symfony database configuration exposure
- High
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
TLS Android compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS Edge compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS Firefox compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS Internet Explorer compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS OpenSSL compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS Safari compatibility
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
TLS (Transport Layer Security) protocol version outdated
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 WSTG-CRYP-01
Tabnabbing Attack
- Medium
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.11 OWASP PC-C4 CAPEC-138 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-11 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N WSTG-ATHZ-06
TerraMaster TOS v4.1.24 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Test For Checking Magic Quotes Gpc is On
- Medium
OWASP 2013-A1 OWASP 2017-A1 WASC-13
Test For Oracle Application Server
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C3 WASC-14
Test for checking file uploads
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-17 CWE-434 WASC-14 WSTG-BUSL-09
The DROWN attack
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-310 WASC-14
The Logjam common primes
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 ISO27001-A.14.1.2 WSTG-CRYP-01
The SWEET32 attack
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
The unseen Drupal
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2
ThinkAdmin 6 - Arbitrary File Read
- Medium
CWE-22 CVE-2020-25540 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ThinkCMF-LFI vulnerability
- High
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
ThinkPHP 5.0.22 RCE
- Critical
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API8 OWASP PC-C2 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
ThinkPHP 5.0.23 RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
ThinkPHP 5.0.9 Information Disclosure
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API8 OWASP PC-C2 CWE-200 WSTG-CRYP-03
Thinkcmf RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Tickets option leaks uninitialised memory
- Low
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-CRYP-01
TileServer GL Reflected XSS
- Medium
CWE-79 CVE-2020-15500 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Time based blind SQL injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Time-Based NoSQL Injection (MongoDB)
- High
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
Timesheet 1.5.3 - Cross Site Scripting
- High
CVE-2019-1010287 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Totaljs - Unauthenticated Directory Traversal
- High
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WASC-13 WSTG-ATHZ-01
Tpshop Directory Traversal
- High
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Trace.axd Information Disclosure
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 WSTG-CONF-05
Transport Layer Security
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-22 WASC-33 WSTG-ATHZ-01
Triconsole 3.75 XSS
- Medium
CWE-79 CVE-2021-27330 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Twig PHP less than 2.4.4 template engine - SSTI
- High
US Social Security Number disclosure
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
Ultimate PHP Board Data Disclosure
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
- High
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2019-1653
Unauthenticated Jenkins Dashboard
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2020-9047 CWE-94
Unauthenticated Multiple D-Link Routers RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC-31 WSTG-INPV-08
Unauthenticated Oracle WebLogic Server RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
Unhandled error in web application
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-209 WASC-13 WSTG-ERRH-01
Union Query SQL Injection (SQLi)
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Unix Timestamp Exposure
- Low
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-168 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
Unrestricted File Upload Vulnerability
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-125 CWE-434 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INFO-06
Unsafe HTTP Method
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-200 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-CONF-06
Unsafe preg_replace usage
- Medium
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-661 WASC-13
Unsecured HTTPS cookies
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CWE-311 WASC-13 WSTG-SESS-02
Unsecured ViewState (Confirmed MAC Signature Absence)
- High
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
Unsecured ViewState (Possible MAC Signature Absence)
- High
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-INFO-03
Unvalidated Document Object Model redirection
- High
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CWE-601 WASC-38
Unvalidated Redirects and Forwards
- Critical
OWASP 2013-A10 OWASP 2017-A6 CWE-601 ISO27001-A.14.2.5 WASC-38
Upload Temp Directory is Everyone
- High
OWASP 2013-A1 OWASP 2017-A1
Use of Vulnerable JavaScript Functions
- Low
OWASP 2017-A7 OWASP 2021-A4 PCI v4.0-6.5.1 OWASP PC-C5 CAPEC-138 CWE-749 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N WSTG-CLNT-02
User Agent Header Fuzzing
- Low
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L WSTG-INFO-07
User enumeration via an incorrect authorisation in Jira
- Medium
CWE-863 CVE-2019-3403 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
User enumeration via insecure Jira endpoint
- Medium
CWE-200 CVE-2020-14181 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
User information disclosure
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
User-Controlled HTML Attribute (XSS Risk)
- Low
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-94 CWE-20 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-07
Username Hash Detected
- Low
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-2.3 OWASP PC-C8 CAPEC-118 CWE-284 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHZ-04
Username Hash Leak via WebSocket
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-284 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
VBulletin Pre-Auth RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
VBulletin SQLI
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-94 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-05
VMware View Planner Unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
VMware vCenter Unauthenticated Arbitrary File Read
- High
VMware vCenter Unauthenticated RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
VRealize Operations Manager API SSRF
- Critical
OWASP 2013-A6 OWASP 2017-A5 OWASP 2021-A10 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-19
Vehicle Parking Management System 1.0 - Authentication Bypass
- High
CVE-2020-23936
Vignette Content Management Vulnerability
- Low
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-45
VMware vCenter LFI for Linux appliances
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
WSDL Exposure
- High
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-161 CWE-548 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N WSTG-INFO-06
WSO2 Carbon Management Console - XSS
- Medium
CWE-79 CVE-2020-17453 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wavemaker Studio 6.6 LFI/SSRF
- High
CVE-2019-8982 CWE-918
Web Cache Poisoning
- Medium
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHN-06
WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
- Critical
CAPEC-100 CWE-119 WASC-07 WSTG-INPV-13
WebDAV detection
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 ISO27001-A.9.4.4 WASC-15
WebPort 1.19.1 - Reflected Cross-Site Scripting
- Medium
CWE-79 CVE-2019-12461 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WebSocket Debug Message Leak
- Low
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
WebSocket Error Information Leak
- Medium
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-218 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-07
WebSocket via Private IP Leak
- Low
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
Webflow subdomain takeover detection
- High
WSTG-CONF-10
Weblogic SSRF in SearchPublicRegistries.jsp
- Medium
CWE-918 CVE-2014-4210
Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
Website contains Mercurial metadata directory
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-1230 WASC-13 WSTG-INFO-05
Website contains SVN metadata directory
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
Website contains git metadata directory
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
WeiPHP 5.0 Path Traversal
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C2 CWE-22 WASC-33 WSTG-ATHZ-01
What is HTTP Response Header Injection?
- Medium
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-105 CWE-93 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-24 WSTG-INFO-08
What is Shellshock vulnerability?
- Critical
OWASP 2013-A1 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CAPEC-88 CWE-78 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-31
WordPress Authenticated JavaScript File Upload
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CWE-434 WSTG-INFO-08
WordPress Authenticated SQL Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
WordPress Authentication Bypass
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C7 CAPEC-115 CWE-287 WASC-01 WSTG-ATHN-04
WordPress Cross-Site Scripting
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
WordPress Default localhost vulnerability
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-INFO-08 CWE-601
WordPress Directory traversal
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
WordPress Escape Version in Generator Tag
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
WordPress Filesystem Credentials Dialog CSRF
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-352 WASC-09 HIPAA-164.306(a) WSTG-SESS-05
WordPress HTML Language Attribute Escaping
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
WordPress Host header attack
- Medium
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-24 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-INPV-17
WordPress Improper handling of post metadata check
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-352 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-03
WordPress Insufficient redirect validation
- Medium
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CLNT-04 WASC-38 CWE-918
WordPress MediaElement Cross-Site Scripting
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-8
WordPress Multiple Themes Privilege Escalation
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C6 WASC-17 WSTG-ATHZ-03 CAPEC-233 CWE-250
WordPress Open Redirect
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38 WSTG-CLNT-04
WordPress PHP Object Injection
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C3 WSTG-INPV-05
WordPress Plugin Reflected Cross Site Scripting
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CAPEC-591 CWE-79 WASC-08 WSTG-INPV-01
WordPress Plugin VideoJS and Cross Site Scripting
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CWE-79 WASC-08
WordPress Plugin Vulnerabilities
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
WordPress RSS and Atom Feed Escaping
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 CWE-79 WASC-08
WordPress Reflected Cross-Site Scripting
- High
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
WordPress Refraction Theme Multiple Vulnerabilities
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6
WordPress SQL Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
WordPress Server Side Request Forgery (SSRF)
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
WordPress Slider Revolution Local File Disclosure
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.8 CAPEC-87 CWE-22 ISO27001-A.14.2.5 WASC-33
WordPress Slider Revolution Shell Upload
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-31
WordPress Stored Cross-Site Scripting (XSS)
- High
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
WordPress Theme 'Elegant' Privilege Escalation
- Critical
OWASP 2013-A7 OWASP 2017-A5 OWASP PC-C7 CWE-250 WASC-17 WSTG-ATHZ-03
WordPress Themes
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
WordPress Themes Information Disclosure
- Critical
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13
WordPress Versions
- Info
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-09 ISO27001-A.14.1.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
WordPress VideoJS plugins Cross-site Scripting (XSS)
- Critical
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-05
WordPress WPDB SQL Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 WASC-19
WordPress arbitrary file upload
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CWE-434 WSTG-CONF-03
WordPress blind SQL injection
- High
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-88 CWE-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
WordPress key weak hashing
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CRYP-04 WASC-04 CWE-330
WordPress unpatched Denial Of Service (DoS)
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C10 CAPEC-469 CWE-400 WASC-10
WordPress unsafe redirect for login
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38
WordPress user enumeration
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-310 CWE-200 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-09
WordPress Themes Email Spoofing
- Critical
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-151 WASC-12
X-Content-Type-Options header cannot be recognized
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16
X-Content-Type-Options header not implemented
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-03
X-Frame-Options header not implemented
- Medium
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
X-XSS-Protection Not Implemented
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
X-XSS-Protection header invalid
- Info
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
X-XSS-Protection header disabled
- Low
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
X-Frame-Options header cannot be recognized
- Medium
OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
XML Entity Expansion Attack
- Medium
OWASP 2017-A4 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-121 CWE-776 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-44 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H WSTG-BUSL-09
XML external entity injection
- Medium
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
XML-RPC (Remote Procedure Call)
- Critical
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-307 WASC-11
XPath Injection
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-83 CWE-643 WASC-39 WSTG-INPV-09
XPath Injection Attack
- High
OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C5 CAPEC-126 CWE-643 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-39 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-09
XSLT Injection Attack
- Medium
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-23 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
XSS in FortiGate SSL VPN login page
- Medium
CVE-2015-1880 CWE-79
XSS via User Controllable JavaScript Event
- Low
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-86 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
XXE Vulnerability
- High
OWASP 2017-A4 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-90 CWE-611 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-43 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-07
XdCMS SQL Injection
- High
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Yachtcontrol Web application 1.0 - Unauthenticated RCE
- High
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2019-17270 CWE-78
YouPHPTube Encoder RCE
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-78 CVSS:AV:N/AC:L/Au:N/C:P/I:P/A:P WSTG-INPV-08
ZZZCMS 1.6.1 RCE
- High
CVE-2019-9041 CWE-94
Zabbix Authentication Bypass
- Critical
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-639 WSTG-SESS-08
Zenphoto Installation Sensitive Information
- Medium
CWE-200
Zeroshell 3.9.0 Remote Command Execution
- Critical
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Zimbra Collaboration XXE
- Critical
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Atlassian Confluence path traversal
- High
CVE-2019-3396
docker-compose.yml exposure
- Medium
OWASP 2017-A5 OWASP 2017-A6 CWE-16 CWE-200 CVSS-4.6
elmah.axd Disclosure
- Medium
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 OWASP 2019-API7
etcd Unauthenticated HTTP API Leak
- High
0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass
- High
CVE-2019-16759
phpMyAdmin setup page
- Medium
CWE-16
rConfig 3.9.5 - Remote Code Execution
- High
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2019-16662
trixbox 2.8.0 - directory traversal
- Medium
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-14537 CWE-22
worksites takeover detection
- High
WSTG-CONF-10