Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Code Evaluation (Python) CWE-95 CWE-95 Critical Code Evaluation (Ruby) CWE-94 CWE-94 Critical CodeIgniter 2.1.3 xss_clean() filter bypass CVE-2013-4891 CWE-80 CWE-80 High CodeIgniter development mode enabled CWE-16 CWE-16 Medium CodeIgniter session decoding vulnerability CWE-327 CWE-327 High CodeIgniter weak encryption key CWE-200 CWE-200 High ColdFusion 8 FCKEditor file upload vulnerability CVE-2009-2265 CWE-22 CWE-22 High ColdFusion 9 solr service exposed CVE-2010-0185 CWE-264 CWE-264 High ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205) CVE-2023-29298 CVE-2023-38205 CWE-284 CWE-284 High ColdFusion administrator login page publicly available CWE-200 CWE-200 Low ColdFusion AMF Deserialization RCE CVE-2017-3066 CWE-502 CWE-502 High ColdFusion Arbitrary File Upload CVE-2018-15961 CWE-434 CWE-434 High ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359 CVE-2023-26360 CWE-502 CWE-502 High ColdFusion directory traversal CVE-2010-2861 CWE-22 CWE-22 High ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091 CWE-502 CWE-502 High ColdFusion JNDI injection RCE CVE-2018-15957 CWE-502 CWE-502 High ColdFusion path disclosures CWE-200 CWE-200 Low ColdFusion PMS Arbitrary File Read (CVE-2024-20767) CVE-2024-20767 CWE-284 CWE-284 High ColdFusion RDS Service enabled CWE-200 CWE-200 Low ColdFusion Request Debugging information disclosure CWE-200 CWE-200 Medium ColdFusion Robust Exception enabled CWE-200 CWE-200 Medium ColdFusion User-Agent cross-site scripting CVE-2007-0817 CWE-79 CWE-79 High ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204 CWE-502 CWE-502 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-44353) CVE-2023-44353 CWE-502 CWE-502 Critical ColdFusion XSS (CVE-2023-44352) CVE-2023-44352 CWE-79 CWE-79 Medium Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285) CVE-2010-5285 CWE-352 CWE-352 Medium Collabtive Improper Input Validation Vulnerability (CVE-2012-2670) CVE-2012-2670 CWE-20 CWE-20 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5284) CVE-2010-5284 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3247) CVE-2014-3247 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8935) CVE-2019-8935 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655) CVE-2020-13655 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298) CVE-2021-3298 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-46240) CVE-2024-46240 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48706) CVE-2024-48706 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48707) CVE-2024-48707 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48708) CVE-2024-48708 CWE-707 CWE-707 Medium Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269) CVE-2010-4269 CWE-138 CWE-138 High Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872) CVE-2013-6872 CWE-138 CWE-138 Medium Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246) CVE-2014-3246 CWE-138 CWE-138 Medium Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027) CVE-2013-5027 CWE-269 CWE-269 Critical Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258) CVE-2015-0258 CWE-434 CWE-434 High Command Injection CWE-94 CWE-94 Critical Composer installed.json publicly accessible CWE-200 CWE-200 Low concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082) CVE-2017-8082 CWE-352 CWE-352 Medium concrete5 CVE-2020-14961 Vulnerability (CVE-2020-14961) CVE-2020-14961 Medium concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107) CVE-2014-5107 CWE-200 CWE-200 Medium concrete5 Improper Input Validation Vulnerability (CVE-2017-18195) CVE-2017-18195 CWE-20 CWE-20 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5181) CVE-2012-5181 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108) CVE-2014-5108 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526) CVE-2014-9526 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2250) CVE-2015-2250 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989) CVE-2015-3989 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4721) CVE-2015-4721 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905) CVE-2017-6905 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908) CVE-2017-6908 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725) CVE-2017-7725 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146) CVE-2018-19146 CWE-707 CWE-707 Medium concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111) CVE-2021-3111 CWE-707 CWE-707 Low concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724) CVE-2015-4724 CWE-138 CWE-138 High concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790) CVE-2018-13790 CWE-918 CWE-918 High concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) CVE-2021-22958 CWE-918 CWE-918 Critical concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476) CVE-2020-11476 CWE-434 CWE-434 High concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986) CVE-2020-24986 CWE-434 CWE-434 High Configuration file disclosure CWE-538 CWE-538 High Configuration file source code disclosure CWE-538 CWE-538 High Confluence Widget Connector SSTI CVE-2019-3396 CWE-22 CWE-22 High Consul API publicly exposed CWE-200 CWE-200 High Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297) CVE-2012-1297 CWE-352 CWE-352 Medium Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642) CVE-2019-10642 CWE-352 CWE-352 High Contao CVE-2018-20028 Vulnerability (CVE-2018-20028) CVE-2018-20028 Medium Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860) CVE-2014-1860 CWE-502 CWE-502 Critical Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626) CVE-2021-37626 CWE-94 CWE-94 High Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714) CVE-2019-19714 CWE-116 CWE-116 Medium Contao Improper Input Validation Vulnerability (CVE-2020-25768) CVE-2020-25768 CWE-20 CWE-20 Medium Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269) CVE-2015-0269 CWE-22 CWE-22 Medium 1...18192021...303 19 / 303
