Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1553) CVE-2009-1553 CWE-707 CWE-707 Medium GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3314) CVE-2021-3314 CWE-707 CWE-707 Medium GlassFish Observable Discrepancy Vulnerability (CVE-2013-1620) CVE-2013-1620 CWE-203 CWE-203 Medium Global.asa backup file found CWE-538 CWE-538 Medium Golang runtime profiling data CWE-200 CWE-200 Medium Go web application binary disclosure CWE-540 CWE-540 Medium Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2022-35957) CVE-2022-35957 CWE-290 CWE-290 Medium Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458) CVE-2020-12458 CWE-312 CWE-312 Medium Grafana CVE-2022-39307 Vulnerability (CVE-2022-39307) CVE-2022-39307 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039) CVE-2018-19039 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-19499) CVE-2019-19499 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459) CVE-2020-12459 CWE-200 CWE-200 Medium Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673) CVE-2022-21673 CWE-200 CWE-200 Medium Grafana Improper Authentication Vulnerability (CVE-2022-39229) CVE-2022-39229 CWE-287 CWE-287 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813) CVE-2021-43813 CWE-22 CWE-22 Medium Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815) CVE-2021-43815 CWE-22 CWE-22 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099) CVE-2018-12099 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623) CVE-2018-18623 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624) CVE-2018-18624 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625) CVE-2018-18625 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816) CVE-2018-1000816 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068) CVE-2019-13068 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110) CVE-2020-11110 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12052) CVE-2020-12052 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245) CVE-2020-12245 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430) CVE-2020-13430 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303) CVE-2020-24303 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174) CVE-2021-41174 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702) CVE-2022-21702 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552) CVE-2022-23552 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097) CVE-2022-31097 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507) CVE-2023-0507 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594) CVE-2023-0594 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410) CVE-2023-1410 CWE-707 CWE-707 Medium Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462) CVE-2023-22462 CWE-707 CWE-707 Medium Grafana Improper Synchronization Vulnerability (CVE-2023-2801) CVE-2023-2801 CWE-662 CWE-662 Medium Grafana Incorrect Authorization Vulnerability (CVE-2021-28146) CVE-2021-28146 CWE-863 CWE-863 Medium Grafana Incorrect Authorization Vulnerability (CVE-2022-21713) CVE-2022-21713 CWE-863 CWE-863 Medium Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635) CVE-2019-15635 CWE-522 CWE-522 Medium Grafana Missing Authorization Vulnerability (CVE-2023-2183) CVE-2023-2183 CWE-862 CWE-862 Medium Grafana Other Vulnerability (CVE-2021-28147) CVE-2021-28147 Medium Grails database console CWE-200 CWE-200 Medium GraphiQL Explorer/Playground Enabled CWE-200 CWE-200 Medium GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability CWE-400 CWE-400 Medium GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability CWE-770 CWE-770 Medium GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability CWE-400 CWE-400 Medium GraphQL Field Suggestions Enabled CWE-200 CWE-200 Medium GraphQL Introspection Query Enabled CWE-200 CWE-200 Medium GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability CWE-352 CWE-352 Medium GraphQL Unauthenticated Mutation Detected CWE-306 CWE-306 Medium GraphQL Unhandled Error Leakage CWE-209 CWE-209 Medium Hadoop cluster web interface CWE-200 CWE-200 Medium Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861) CVE-2015-8861 CWE-707 CWE-707 Medium Hashicorp Consul API is accessible without authentication CWE-200 CWE-200 Medium Hasura GraphQL API without authentication CWE-200 CWE-200 Medium Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743) CVE-2011-3743 CWE-200 CWE-200 Medium Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287) CVE-2011-5287 CWE-707 CWE-707 Medium Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897) CVE-2020-13897 CWE-707 CWE-707 Medium Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489) CVE-2021-29489 CWE-707 CWE-707 Medium Host header attack CWE-20 CWE-20 Medium Hostile subdomain takeover CWE-16 CWE-16 Medium HTML form susceptible to spam CWE-20 CWE-20 Medium HTML Injection CWE-80 CWE-80 Medium HTTP Header Injection CWE-113 CWE-113 Medium HTTP header reflected in cached response CWE-16 CWE-16 Medium Httpoxy vulnerability CWE-16 CWE-16 Medium HTTP parameter pollution CWE-88 CWE-88 Medium HTTP response splitting with cloud storage CWE-113 CWE-113 Medium HTTPS connection uses outdated TLS version CWE-310 CWE-310 Medium HTTPS connection with weak key length CWE-310 CWE-310 Medium HTTP Strict Transport Security (HSTS) Policy Not Enabled CWE-16 CWE-16 Medium IBMHttpServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1360) CVE-2011-1360 CWE-707 CWE-707 Medium IBMHttpServer Other Vulnerability (CVE-2000-0505) CVE-2000-0505 Medium 1...18192021...99 19 / 99
