Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1165) CVE-2010-1165 CWE-94 CWE-94 Critical Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11581) CVE-2019-11581 CWE-138 CWE-138 Critical Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409) CVE-2019-20409 CWE-138 CWE-138 Critical Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136) CVE-2022-26136 CWE-180 CWE-180 Critical Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137) CVE-2022-26137 CWE-180 CWE-180 Critical ATutor Improper Authentication Vulnerability (CVE-2014-9753) CVE-2014-9753 CWE-287 CWE-287 Critical ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002) CVE-2017-1000002 CWE-22 CWE-22 Critical ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2555) CVE-2016-2555 CWE-138 CWE-138 Critical ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000004) CVE-2017-1000004 CWE-138 CWE-138 Critical ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003) CVE-2017-1000003 CWE-269 CWE-269 Critical ATutor Incorrect Authorization Vulnerability (CVE-2019-16114) CVE-2019-16114 CWE-863 CWE-863 Critical Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277) CVE-2019-14277 CWE-611 CWE-611 Critical b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423) CVE-2017-1000423 CWE-20 CWE-20 Critical b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539) CVE-2017-5539 CWE-22 CWE-22 Critical b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901) CVE-2016-8901 CWE-138 CWE-138 Critical b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935) CVE-2022-30935 CWE-330 CWE-330 Critical Bash code injection vulnerability CVE-2014-6271 CWE-78 CWE-78 Critical Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080) CVE-2021-30080 Critical Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259) CVE-2022-31259 Critical Beego Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-31836) CVE-2022-31836 CWE-22 CWE-22 Critical Broken access control in Confluence Server and Data Center (CVE-2023-22515) CVE-2023-22515 CWE-284 CWE-284 Critical Cacti Unauthenticated Command Injection (CVE-2022-46169) CVE-2022-46169 CWE-77 CWE-77 Critical Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246) CVE-2018-21246 CWE-287 CWE-287 Critical CakePHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-22727) CVE-2023-22727 CWE-138 CWE-138 Critical CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851) CVE-2024-31848 CVE-2024-31849 CVE-2024-31850 CVE-2024-31851 CWE-22 CWE-22 Critical Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019) CVE-2018-1999019 CWE-94 CWE-94 Critical Chamilo Improper Handling of Case Sensitivity Vulnerability (CVE-2023-3545) CVE-2023-3545 CWE-178 CWE-178 Critical Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-3533) CVE-2023-3533 CWE-22 CWE-22 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414) CVE-2021-35414 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-34960) CVE-2023-34960 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-3368) CVE-2023-3368 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187) CVE-2021-34187 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-27423) CVE-2022-27423 CWE-138 CWE-138 Critical Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082) CVE-2019-13082 CWE-434 CWE-434 Critical Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944) CVE-2023-34944 CWE-434 CWE-434 Critical ChatGPT-Next-Web SSRF (CVE-2023-49785) CVE-2023-49785 CWE-918 CWE-918 Critical Check Point Gateway Path Traversal (CVE-2024-24919) CVE-2024-24919 CWE-22 CWE-22 Critical Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800) CVE-2019-20800 CWE-787 CWE-787 Critical Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198) CVE-2023-20198 CWE-287 CWE-287 Critical Cisco IOS XE Web UI Implant (CVE-2023-20198) CVE-2023-20198 CWE-912 CWE-912 Critical Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966) CVE-2023-4966 CWE-119 CWE-119 Critical CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541) CVE-2023-31541 CWE-434 CWE-434 Critical Claroline Other Vulnerability (CVE-2006-0411) CVE-2006-0411 Critical Claroline Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-37159) CVE-2022-37159 CWE-434 CWE-434 Critical ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664) CVE-2018-7664 CWE-138 CWE-138 Critical ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666) CVE-2018-7666 CWE-138 CWE-138 Critical ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665) CVE-2018-7665 CWE-434 CWE-434 Critical CloudPanel file-manager Auth bypass (CVE-2023-35885) CVE-2023-35885 CWE-565 CWE-565 Critical Code Evaluation (Apache Struts) S2-016 CVE-2013-2251 CWE-20 CWE-20 Critical Code Evaluation (Apache Struts) S2-045 CVE-2017-5638 CWE-94 CWE-94 Critical Code Evaluation (ASP) CWE-95 CWE-95 Critical Code Evaluation (PHP) CWE-94 CWE-94 Critical Code Evaluation (Python) CWE-95 CWE-95 Critical Code Evaluation (Ruby) CWE-94 CWE-94 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204 CWE-502 CWE-502 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-44353) CVE-2023-44353 CWE-502 CWE-502 Critical Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027) CVE-2013-5027 CWE-269 CWE-269 Critical Command Injection CWE-94 CWE-94 Critical concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) CVE-2021-22958 CWE-918 CWE-918 Critical Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860) CVE-2014-1860 CWE-502 CWE-502 Critical Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558) CVE-2017-16558 CWE-138 CWE-138 Critical Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512) CVE-2019-11512 CWE-138 CWE-138 Critical Contao Key Management Errors Vulnerability (CVE-2019-10643) CVE-2019-10643 Critical Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) CVE-2019-10641 CWE-640 CWE-640 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903) CVE-2021-27903 CWE-94 CWE-94 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892) CVE-2023-41892 CWE-94 CWE-94 Critical Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843) CVE-2024-37843 CWE-138 CWE-138 Critical Craft CMS RCE (CVE-2023-41892) CVE-2023-41892 CWE-94 CWE-94 Critical Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929) CVE-2019-15929 CWE-640 CWE-640 Critical CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035) CVE-2017-14035 CWE-502 CWE-502 Critical CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177) CVE-2023-43177 CWE-913 CWE-913 Critical CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) CVE-2024-4040 CWE-94 CWE-94 Critical CrushFTP SSTI (CVE-2024-4040) CVE-2024-4040 CWE-94 CWE-94 Critical CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832) CVE-2024-34832 CWE-22 CWE-22 Critical CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716) CVE-2018-20716 CWE-138 CWE-138 Critical 12345...19 2 / 19
