| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| AngularJS client-side template injection | | CWE-79 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-200 | High |
| Authentication bypass via MongoDB operator injection | | CWE-943 | High |
| Client-Side Prototype Pollution | | | High |
| Cross-site Scripting via File Upload | | CWE-79 | High |
| Database User Has Admin Privileges | | CWE-267 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (XStream) | | CWE-502 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Email Header Injection | | CWE-20 | High |
| Email Header Injection (AcuSensor) | | CWE-20 | High |
| Email injection | | CWE-20 | High |
| File tampering | | CWE-20 | Medium |
| File Upload Functionality Detected | | | Informational |
| File upload XSS (Java applet) | | CWE-79 | High |
| Host header attack | | CWE-20 | Medium |
| HTML Attribute Injection | | CWE-80 | Low |
| HTML Form found in redirect page | | CWE-287 | Low |
| HTML form susceptible to spam | | CWE-20 | Medium |
| HTML Injection | | CWE-80 | Medium |
| Http redirect security bypass | | CWE-20 | High |
| Insecure usage of Version 1 UUID/GUID | | CWE-328 | Medium |
| Java Debug Wire Protocol remote code execution | | CWE-94 | High |
| Java object deserialization of user-supplied data | | CWE-20 | Medium |
| JIRA Security Advisory 2013-02-21 | | CWE-22 | High |
| JSF ViewState client side storage | | CWE-693 | Medium |
| JSP authentication bypass | | CWE-287 | High |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| MongoDB $where operator JavaScript injection | | CWE-943 | High |
| MongoDB injection | | CWE-943 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | | CWE-94 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| Oracle E-Business Suite Frame Injection (CVE-2017-3528) | CVE-2017-3528 | CWE-601 | Medium |
| PHP curl_exec() url is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP mail function ASCII control character header spoofing vulnerability | CVE-2002-0986 | CWE-20 | Medium |
| PHP object deserialization of user-supplied data | | CWE-20 | Medium |
| PHP preg_replace used on user input | | CWE-20 | Medium |
| PHP super-globals-overwrite | | CWE-1108 | Medium |
| PHP unserialize() used on user input | | CWE-20 | Medium |
| Prototype pollution | | | High |
| Python object deserialization of user-supplied data | | CWE-20 | Medium |
| Python pickle serialization | | CWE-502 | High |
| Rails mass assignment | | CWE-915 | High |
| Ruby on Rails CookieStore session cookie persistence | | CWE-284 | Low |
| Same origin method execution (SOME) | | CWE-20 | Medium |
| Server-side JavaScript injection | | CWE-20 | High |
| TCPDF arbitrary file read | | CWE-98 | High |
| Uncontrolled format string | | CWE-134 | High |
| Unprotected phpMyAdmin interface | | CWE-205 | High |
| Unrestricted access to Haproxy Data Plane API | | CWE-200 | High |
| Unrestricted File Upload | | CWE-434 | Critical |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| Unsafe use of Reflection | | CWE-470 | High |
| URL rewrite vulnerability | | CWE-436 | Medium |
| User-controlled form action | | CWE-20 | Medium |
| User controllable charset | | CWE-20 | Medium |
| VirtueMart access control bypass | | CWE-287 | High |
| webadmin.php script | | CWE-552 | High |
| Web Cache Deception | | | High |
| WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload | | CWE-434 | High |
| WordPress plugin All in One SEO Pack privilege escalation vulnerabilities | | CWE-269 | High |
| WordPress plugin Custom Contact Forms critical vulnerability | | CWE-287 | High |
| WordPress plugin WPtouch insecure nonce generation | | CWE-287 | High |
| WordPress XML-RPC authentication brute force | | CWE-521 | Medium |
| XML entity injection | | CWE-611 | Critical |
| XML external entity injection | | CWE-611 | Critical |
| XML external entity injection (variant) | | CWE-611 | Critical |
| XML external entity injection and XML injection | | CWE-611 | Critical |
| XML External Entity Injection via external file | | CWE-611 | Critical |
| XML external entity injection via File Upload | | CWE-611 | Critical |
| XSLT injection | | CWE-91 | High |