Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5212) CVE-2013-5212 CWE-707 CWE-707 Medium easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1403) CVE-2014-1403 CWE-707 CWE-707 Medium easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27739) CVE-2023-27739 CWE-707 CWE-707 Medium Elgg Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3964) CVE-2021-3964 CWE-639 CWE-639 Medium Elgg Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3733) CVE-2011-3733 CWE-200 CWE-200 Medium Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2935) CVE-2011-2935 CWE-707 CWE-707 Medium Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6561) CVE-2012-6561 CWE-707 CWE-707 Medium Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0234) CVE-2013-0234 CWE-707 CWE-707 Medium Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4072) CVE-2021-4072 CWE-707 CWE-707 Medium Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6562) CVE-2012-6562 CWE-264 CWE-264 Medium Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6563) CVE-2012-6563 CWE-264 CWE-264 Medium Elgg URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11016) CVE-2019-11016 CWE-601 CWE-601 Medium Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4170) CVE-2013-4170 CWE-707 CWE-707 Medium Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0013) CVE-2014-0013 CWE-707 CWE-707 Medium Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0014) CVE-2014-0014 CWE-707 CWE-707 Medium Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1866) CVE-2015-1866 CWE-707 CWE-707 Medium Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7565) CVE-2015-7565 CWE-707 CWE-707 Medium Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27492) CVE-2023-27492 CWE-770 CWE-770 Medium Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21656) CVE-2022-21656 CWE-295 CWE-295 Medium Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21657) CVE-2022-21657 CWE-295 CWE-295 Medium Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808) CVE-2024-45808 CWE-116 CWE-116 Medium Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-35944) CVE-2023-35944 Medium Envoy Proxy Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-8660) CVE-2020-8660 CWE-345 CWE-345 Medium Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2022-29224) CVE-2022-29224 CWE-476 CWE-476 Medium Envoy Proxy Origin Validation Error Vulnerability (CVE-2020-15104) CVE-2020-15104 CWE-346 CWE-346 Medium Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2024-34364) CVE-2024-34364 CWE-787 CWE-787 Medium Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606) CVE-2022-23606 CWE-674 CWE-674 Medium Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2024-23323) CVE-2024-23323 CWE-400 CWE-400 Medium Envoy Proxy Use After Free Vulnerability (CVE-2023-35942) CVE-2023-35942 CWE-416 CWE-416 Medium Envoy Proxy Use After Free Vulnerability (CVE-2024-34362) CVE-2024-34362 CWE-416 CWE-416 Medium EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846) CVE-2022-38846 CWE-319 CWE-319 Medium EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845) CVE-2022-38845 CWE-1236 CWE-1236 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987) CVE-2014-7987 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301) CVE-2018-17301 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302) CVE-2018-17302 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643) CVE-2019-13643 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329) CVE-2019-14329 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330) CVE-2019-14330 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331) CVE-2019-14331 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349) CVE-2019-14349 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350) CVE-2019-14350 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546) CVE-2019-14546 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547) CVE-2019-14547 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548) CVE-2019-14548 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549) CVE-2019-14549 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550) CVE-2019-14550 CWE-707 CWE-707 Medium EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539) CVE-2021-3539 CWE-707 CWE-707 Medium EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986) CVE-2014-7986 CWE-264 CWE-264 Medium EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736) CVE-2023-46736 CWE-918 CWE-918 Medium Express cookie-session weak secret key CWE-693 CWE-693 Medium Express running in development mode CWE-200 CWE-200 Medium Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046) CVE-2018-8046 CWE-707 CWE-707 Medium Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130) CVE-2011-5130 CWE-94 CWE-94 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2901) CVE-2008-2901 CWE-138 CWE-138 Medium Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010) CVE-2009-2010 CWE-138 CWE-138 Medium fancybox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1494) CVE-2015-1494 CWE-707 CWE-707 Medium FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 CWE-22 Medium File tampering CWE-20 CWE-20 Medium Firebase database accessible without authentication CWE-200 CWE-200 Medium Flask weak secret key CWE-693 CWE-693 Medium FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240) CVE-2020-35240 CWE-707 CWE-707 Medium FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677) CVE-2021-43677 CWE-707 CWE-707 Medium FluxBB Other Vulnerability (CVE-2014-10030) CVE-2014-10030 Medium Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740) CVE-2011-3740 CWE-200 CWE-200 Medium Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5148) CVE-2007-5148 CWE-94 CWE-94 Medium Frontaccounting Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-21244) CVE-2020-21244 CWE-22 CWE-22 Medium Frontpage authors.pwd available CWE-538 CWE-538 Medium Full public read access Azure blob storage CWE-264 CWE-264 Medium GeoServer CVE-2024-34696 Vulnerability (CVE-2024-34696) CVE-2024-34696 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51445) CVE-2023-51445 CWE-707 CWE-707 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23640) CVE-2024-23640 CWE-707 CWE-707 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23642) CVE-2024-23642 CWE-707 CWE-707 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23643) CVE-2024-23643 CWE-707 CWE-707 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23818) CVE-2024-23818 CWE-707 CWE-707 Medium GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23819) CVE-2024-23819 CWE-707 CWE-707 Medium 1...17181920...106 18 / 106
