| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410) | CVE-2023-1410 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462) | CVE-2023-22462 | CWE-707 | Medium |
| Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264) | CVE-2024-9264 | CWE-138 | High |
| Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062) | CVE-2022-36062 | CWE-281 | Low |
| Grafana Improper Synchronization Vulnerability (CVE-2023-2801) | CVE-2023-2801 | CWE-662 | Medium |
| Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123) | CVE-2022-31123 | CWE-347 | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2021-28146) | CVE-2021-28146 | CWE-863 | Medium |
| Grafana Incorrect Authorization Vulnerability (CVE-2022-21713) | CVE-2022-21713 | CWE-863 | Medium |
| Grafana Incorrect Authorization Vulnerability (CVE-2022-31107) | CVE-2022-31107 | CWE-863 | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2023-6152) | CVE-2023-6152 | CWE-863 | Medium |
| Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962) | CVE-2021-27962 | CWE-732 | High |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635) | CVE-2019-15635 | CWE-522 | Medium |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) | CVE-2022-31130 | CWE-522 | High |
| Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043) | CVE-2019-15043 | CWE-306 | High |
| Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660) | CVE-2022-28660 | CWE-306 | Critical |
| Grafana Missing Authorization Vulnerability (CVE-2023-2183) | CVE-2023-2183 | CWE-862 | Medium |
| Grafana Other Vulnerability (CVE-2021-28147) | CVE-2021-28147 | | Medium |
| Grafana Plugin Dir Traversal (CVE-2021-43798) | CVE-2021-43798 | CWE-200 | High |
| Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379) | CVE-2020-13379 | CWE-918 | High |
| Grafana Signature Verification Vulnerability (CVE-2020-27846) | CVE-2020-27846 | | Critical |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) | CVE-2022-29170 | CWE-601 | High |
| Grails database console | | CWE-200 | Medium |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| GraphiQL Explorer/Playground Enabled | | CWE-200 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | | CWE-400 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | | CWE-770 | Medium |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | | CWE-400 | Medium |
| GraphQL Field Suggestions Enabled | | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | | CWE-352 | Medium |
| GraphQL Unauthenticated Mutation Detected | | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | | CWE-209 | Medium |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478) | CVE-2020-28478 | | High |
| Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164) | CVE-2018-1000164 | CWE-707 | High |
| H2 console publicly accessible | | CWE-287 | Low |
| Hadoop cluster web interface | | CWE-200 | Medium |
| Hadoop YARN ResourceManager publicly accessible | | CWE-200 | High |
| Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369) | CVE-2021-23369 | | Critical |
| Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920) | CVE-2019-20920 | CWE-94 | High |
| Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861) | CVE-2015-8861 | CWE-707 | Medium |
| Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919) | CVE-2019-19919 | CWE-138 | Critical |
| Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922) | CVE-2019-20922 | CWE-835 | High |
| Handlebars Other Vulnerability (CVE-2021-23383) | CVE-2021-23383 | | Critical |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| Hashicorp Consul API is accessible without authentication | | CWE-200 | Medium |
| Hasura GraphQL API without authentication | | CWE-200 | Medium |
| Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743) | CVE-2011-3743 | CWE-200 | Medium |
| Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287) | CVE-2011-5287 | CWE-707 | Medium |
| Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897) | CVE-2020-13897 | CWE-707 | Medium |
| Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358) | CVE-2019-8358 | CWE-22 | High |
| Hibernate Query Language (HQL) Injection | | CWE-564 | High |
| Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489) | CVE-2021-29489 | CWE-707 | Medium |
| Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801) | CVE-2018-20801 | CWE-185 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| Horde/IMP Plesk webmail exploit | | CWE-20 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| Horde remote code execution | CVE-2014-1691 | CWE-94 | High |
| Horizontal Broken Function Level Authorization (BFLA) | | CWE-639 | High |
| Horizontal IDOR/BOLA (Broken Object Level Authorization) | | CWE-639 | High |
| Host header attack | | CWE-20 | Medium |
| Hostile subdomain takeover | | CWE-16 | Medium |
| HSQLDB CVE-2022-41853 Vulnerability (CVE-2022-41853) | CVE-2022-41853 | | Critical |
| HTML Attribute Injection | | CWE-80 | Low |
| HTML Form found in redirect page | | CWE-287 | Low |
| HTML form susceptible to spam | | CWE-20 | Medium |
| HTML Injection | | CWE-80 | Medium |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| HTTP/2 pseudo-header server side request forgery | | CWE-918 | High |
| HTTP Header Injection | | CWE-113 | Medium |
| HTTP header reflected in cached response | | CWE-16 | Medium |
| Httpoxy vulnerability | | CWE-16 | Medium |