Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Error page path disclosure CWE-200 CWE-200 Low Error page web server version disclosure CWE-200 CWE-200 Informational EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846) CVE-2022-38846 CWE-319 CWE-319 Medium EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7985) CVE-2014-7985 CWE-22 CWE-22 Critical EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844) CVE-2022-38844 CWE-1236 CWE-1236 High EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845) CVE-2022-38845 CWE-1236 CWE-1236 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987) CVE-2014-7987 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301) CVE-2018-17301 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302) CVE-2018-17302 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643) CVE-2019-13643 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329) CVE-2019-14329 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330) CVE-2019-14330 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331) CVE-2019-14331 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349) CVE-2019-14349 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350) CVE-2019-14350 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546) CVE-2019-14546 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547) CVE-2019-14547 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548) CVE-2019-14548 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549) CVE-2019-14549 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550) CVE-2019-14550 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539) CVE-2021-3539 CWE-707 CWE-707 Medium EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351) CVE-2019-14351 CWE-307 CWE-307 High EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986) CVE-2014-7986 CWE-264 CWE-264 Medium EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736) CVE-2023-46736 CWE-918 CWE-918 Medium EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843) CVE-2022-38843 CWE-434 CWE-434 High EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965) CVE-2023-5965 CWE-434 CWE-434 High EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966) CVE-2023-5966 CWE-434 CWE-434 High Express cookie-session weak secret key CWE-693 CWE-693 Medium Express express-session weak secret key CWE-693 CWE-693 Informational Expression language injection CWE-917 CWE-917 High ExpressJs Local File Read via the layout parameter CWE-22 CWE-22 High Express running in development mode CWE-200 CWE-200 Medium Ext JS arbitrary file read CWE-22 CWE-22 High Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046) CVE-2018-8046 CWE-707 CWE-707 Medium Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758) CVE-2007-6758 CWE-918 CWE-918 High F5 BIG-IP Cookie Information Disclosure CWE-200 CWE-200 Low F5 BIG-IP Request Smuggling (CVE-2023-46747) CVE-2023-46747 CWE-288 CWE-288 Critical F5 BIG-IP Traffic Management User Interface (TMUI) RCE CVE-2020-5902 CWE-78 CWE-78 High F5 iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986 CWE-78 CWE-78 High Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699) CVE-2012-0699 CWE-352 CWE-352 High Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-3419) CVE-2010-3419 CWE-94 CWE-94 High Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130) CVE-2011-5130 CWE-94 CWE-94 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2901) CVE-2008-2901 CWE-138 CWE-138 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010) CVE-2009-2010 CWE-138 CWE-138 Medium Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338) CVE-2007-4338 CWE-264 CWE-264 Critical fancybox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1494) CVE-2015-1494 CWE-707 CWE-707 Medium FastCGI Unauthorized Access Vulnerability CWE-78 CWE-78 High FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 CWE-22 Medium FCKeditor spellchecker.php cross site scripting vulnerability CVE-2012-4000 CWE-79 CWE-79 High File Content Disclosure in Action View CVE-2019-5418 CWE-200 CWE-200 High File creation via HTTP method PUT CWE-669 CWE-669 High File tampering CWE-20 CWE-20 Medium File Upload Functionality Detected Informational File upload XSS (Java applet) CWE-79 CWE-79 High Firebase database accessible without authentication CWE-200 CWE-200 Medium Flask debug mode CWE-489 CWE-489 High Flask weak secret key CWE-693 CWE-693 Medium Flex BlazeDS AMF Deserialization RCE CVE-2017-5641 CWE-502 CWE-502 High Flowise Authentication Bypass (CVE-2024-31621) CVE-2024-31621 CWE-287 CWE-287 Critical FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621) CVE-2011-3621 Critical FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574) CVE-2014-9574 CWE-22 CWE-22 Critical FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240) CVE-2020-35240 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677) CVE-2021-43677 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029) CVE-2014-10029 CWE-138 CWE-138 High FluxBB Other Vulnerability (CVE-2014-10030) CVE-2014-10030 Medium FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873) CVE-2020-28873 CWE-916 CWE-916 High ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464 CWE-502 CWE-502 High ForgeRock OpenAM Deserialization RCE (CVE-2021-29156) CVE-2021-29156 CWE-74 CWE-74 High Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) CVE-2018-13379 CWE-22 CWE-22 High Fortinet Authentication bypass on administrative interface CVE-2022-40684 CWE-288 CWE-288 High Fortinet FortiNAC RCE via arbitrary file upload CVE-2022-39952 CWE-610 CWE-610 High Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762) CVE-2024-21762 CWE-787 CWE-787 Critical FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176) CVE-2018-7176 High Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740) CVE-2011-3740 CWE-200 CWE-200 Medium Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117) CVE-2007-5117 CWE-94 CWE-94 Critical 1...35363738...293 36 / 293
