Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17296) CVE-2019-17296 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17297) CVE-2019-17297 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298) CVE-2019-17298 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17318) CVE-2019-17318 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17319) CVE-2019-17319 CWE-138 CWE-138 High SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35811) CVE-2023-35811 CWE-138 CWE-138 High SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946) CVE-2015-5946 CWE-184 CWE-184 High SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-35808) CVE-2023-35808 CWE-434 CWE-434 High SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-46815) CVE-2023-46815 CWE-434 CWE-434 High SVN Detected CWE-538 CWE-538 High Swagger UI DOM XSS vulnerability CWE-80 CWE-80 High Symfony databases.yml configuration file CWE-538 CWE-538 High Symfony RCE via weak/predictable APP_SECRET CWE-94 CWE-94 High Symfony weak application secret CWE-94 CWE-94 High TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114) CVE-2021-20114 CWE-200 CWE-200 High TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5745) CVE-2020-5745 CWE-707 CWE-707 High TCPDF arbitrary file read CWE-98 CWE-98 High TeamCity Authentication Bypass (CVE-2024-27199) CVE-2024-27199 CWE-288 CWE-288 High Telerik.Web.UI.dll Cryptographic Weakness CVE-2017-9248 CWE-338 CWE-338 High Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2217) CVE-2014-2217 CWE-22 CWE-22 High Telerik Web UI Insecure Direct Object Reference CVE-2017-11357 CWE-78 CWE-78 High Telerik Web UI RadAsyncUpload Deserialization CVE-2019-18935 CWE-78 CWE-78 High Telerik Web UI Unrestricted File Upload (CVE-2014-2217) CVE-2014-2217 CWE-78 CWE-78 High Telerik Web UI Unrestricted File Upload (CVE-2017-11317) CVE-2017-11317 CWE-78 CWE-78 High The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-310 CWE-310 High The GHOST Vulnerability CVE-2015-0235 CWE-119 CWE-119 High The Heartbleed Bug CVE-2014-0160 CWE-200 CWE-200 High ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability CWE-94 CWE-94 High Three.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-28496) CVE-2020-28496 CWE-400 CWE-400 High Tiki Wiki CMS: Arbitrary Code Execution High Tiki Wiki CMS: Arbitrary File Download High Tiki Wiki CMS: Remote Code Execution via Calendar Module High timthumb.php remote code execution CVE-2011-4106 CWE-20 CWE-20 High TimThumb WebShot remote code execution CWE-94 CWE-94 High TinyMCE ajax_create_folder remote code execution vulnerability CWE-94 CWE-94 High Tomcat path traversal via reverse proxy mapping CWE-22 CWE-22 High ToolsPack malware plugin CWE-95 CWE-95 High TorchServe Management API publicly exposed CVE-2023-43654 CWE-200 CWE-200 High Tornado Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-28476) CVE-2020-28476 CWE-444 CWE-444 High Total.js Directory Traversal (CVE-2019-8903) CVE-2019-8903 CWE-22 CWE-22 High Trac CVE-2009-4405 Vulnerability (CVE-2009-4405) CVE-2009-4405 High Trace.axd Detected CWE-215 CWE-215 High Trac Incorrect Default Permissions Vulnerability (CVE-2010-5108) CVE-2010-5108 CWE-276 CWE-276 High Trojan shell script CWE-507 CWE-507 High Twisted Web HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-21716) CVE-2022-21716 CWE-120 CWE-120 High Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21712) CVE-2022-21712 CWE-200 CWE-200 High Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2014-7143) CVE-2014-7143 CWE-295 CWE-295 High Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2019-12855) CVE-2019-12855 CWE-295 CWE-295 High Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801) CVE-2022-24801 CWE-444 CWE-444 High TYPO3 7PK - Security Features Vulnerability (CVE-2016-5091) CVE-2016-5091 High TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-36104) CVE-2022-36104 CWE-770 CWE-770 High TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228) CVE-2020-26228 CWE-312 CWE-312 High TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-21339) CVE-2021-21339 CWE-312 CWE-312 High Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting CVE-2015-5956 CWE-79 CWE-79 High TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069) CVE-2020-11069 CWE-352 CWE-352 High TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-41113) CVE-2021-41113 CWE-352 CWE-352 High TYPO3 CVE-2024-25121 Vulnerability (CVE-2024-25121) CVE-2024-25121 High TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849) CVE-2019-19849 CWE-502 CWE-502 High TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067) CVE-2020-11067 CWE-502 CWE-502 High TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-15098) CVE-2020-15098 CWE-502 CWE-502 High TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875) CVE-2005-4875 CWE-200 CWE-200 High TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355) CVE-2021-21355 CWE-552 CWE-552 High TYPO3 Improper Authentication Vulnerability (CVE-2009-0256) CVE-2009-0256 CWE-287 CWE-287 High TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631) CVE-2009-3631 CWE-94 CWE-94 High TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503) CVE-2022-23503 CWE-94 CWE-94 High TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509) CVE-2014-9509 CWE-20 CWE-20 High TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832) CVE-2019-11832 CWE-20 CWE-20 High TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099) CVE-2020-15099 CWE-20 CWE-20 High TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-19848) CVE-2019-19848 CWE-22 CWE-22 High TYPO3 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2010-3668) CVE-2010-3668 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4855) CVE-2009-4855 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-3662) CVE-2010-3662 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1842) CVE-2013-1842 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19850) CVE-2019-19850 CWE-138 CWE-138 High TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050) CVE-2022-31050 CWE-613 CWE-613 High 1...49505152...168 50 / 168
