| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) | CVE-2022-29170 | CWE-601 | High |
| Grails database console | | CWE-200 | Medium |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| GraphiQL Explorer/Playground Enabled | | CWE-200 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | | CWE-400 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | | CWE-770 | Medium |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | | CWE-400 | Medium |
| GraphQL Field Suggestions Enabled | | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Unauthenticated Mutation Detected | | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | | CWE-209 | Medium |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | | CWE-284 | High |
| GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478) | CVE-2020-28478 | | High |
| Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164) | CVE-2018-1000164 | CWE-707 | High |
| H2 console publicly accessible | | CWE-287 | Low |
| Hadoop cluster web interface | | CWE-200 | Medium |
| Hadoop YARN ResourceManager publicly accessible | | CWE-200 | High |
| Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369) | CVE-2021-23369 | | Critical |
| Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920) | CVE-2019-20920 | CWE-94 | High |
| Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861) | CVE-2015-8861 | CWE-707 | Medium |
| Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919) | CVE-2019-19919 | CWE-138 | Critical |
| Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922) | CVE-2019-20922 | CWE-835 | High |
| Handlebars Other Vulnerability (CVE-2021-23383) | CVE-2021-23383 | | Critical |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| Hashicorp Consul API is accessible without authentication | | CWE-200 | Medium |
| Hasura GraphQL API without authentication | | CWE-200 | Medium |
| Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743) | CVE-2011-3743 | CWE-200 | Medium |
| Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287) | CVE-2011-5287 | CWE-707 | Medium |
| Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897) | CVE-2020-13897 | CWE-707 | Medium |
| Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358) | CVE-2019-8358 | CWE-22 | High |
| Hibernate Query Language (HQL) Injection | | CWE-564 | High |
| Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489) | CVE-2021-29489 | CWE-707 | Medium |
| Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801) | CVE-2018-20801 | CWE-185 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| Horde/IMP Plesk webmail exploit | | CWE-20 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| Horde remote code execution | CVE-2014-1691 | CWE-94 | High |
| Host header attack | | CWE-20 | Medium |
| Hostile subdomain takeover | | CWE-16 | Medium |
| HSQLDB CVE-2022-41853 Vulnerability (CVE-2022-41853) | CVE-2022-41853 | | Critical |
| HTML Attribute Injection | | CWE-80 | Low |
| HTML Form found in redirect page | | CWE-287 | Low |
| HTML form susceptible to spam | | CWE-20 | Medium |
| HTML Injection | | CWE-80 | Medium |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| HTTP/2 pseudo-header server side request forgery | | CWE-918 | High |
| HTTP Header Injection | | CWE-113 | Medium |
| HTTP header reflected in cached response | | CWE-16 | Medium |
| Httpoxy vulnerability | | CWE-16 | Medium |
| HTTP parameter pollution | | CWE-88 | Medium |
| Http redirect security bypass | | CWE-20 | High |
| HTTP response splitting with cloud storage | | CWE-113 | Medium |
| HTTPS connection uses outdated TLS version | | CWE-310 | Medium |
| HTTPS connection with weak key length | | CWE-310 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | | CWE-16 | Informational |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | | CWE-16 | Medium |
| HTTP verb tampering via POST | | CWE-285 | High |
| IBM Aspera Faspex RCE (CVE-2022-47986) | CVE-2022-47986 | CWE-502 | Critical |
| IBMHttpServer CVE-2012-5955 Vulnerability (CVE-2012-5955) | CVE-2012-5955 | | Critical |
| IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281) | CVE-2023-26281 | CWE-20 | High |
| IBMHttpServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1360) | CVE-2011-1360 | CWE-707 | Medium |
| IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947) | CVE-2015-4947 | CWE-119 | Critical |
| IBMHttpServer Observable Discrepancy Vulnerability (CVE-2023-32342) | CVE-2023-32342 | CWE-203 | High |
| IBMHttpServer Other Vulnerability (CVE-2000-0505) | CVE-2000-0505 | | Medium |
| IBMHttpServer Other Vulnerability (CVE-2000-1168) | CVE-2000-1168 | | High |
| IBMHttpServer Other Vulnerability (CVE-2001-0122) | CVE-2001-0122 | | Medium |
| IBMHttpServer Other Vulnerability (CVE-2002-1822) | CVE-2002-1822 | | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-0263) | CVE-2004-0263 | | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | | Critical |
| IBMHttpServer Other Vulnerability (CVE-2004-0493) | CVE-2004-0493 | | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-1082) | CVE-2004-1082 | | High |