Web Application Vulnerabilities Index

The web application vulnerabilities index lists vulnerabilities according to its severity and is classified by the compliance standard it falls under.

Severity Calculation

Severity is calculated by combining the likelihood and impact of the particular vulnerability. Likelihood is a measure of how a particular vulnerability can be uncovered or exploited by an attacker. Impact measures the effect a particular vulnerability can have on the application, its data, functions and the business operation.

C

Vulnerability Category

Critical
High
Medium
Low
Info
Vulnerability Name
Classification
Severity
Vulnerability Name
.env File Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
M
Medium
Vulnerability Name
.htaccess File Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-186 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
M
Medium
Vulnerability Name
/WEB-INF Source Code Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-541 Subpart C, HIPAA-164.312 ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-15
H
High
Vulnerability Name
403 Forbidden Bypass
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-115 CWE-285 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L WSTG-ATHN-04
M
Medium
Vulnerability Name
74cms Sql Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
H
High
Vulnerability Name
ACME mini_httpd arbitrary file read
Classification
CVE-2018-18778 OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33
H
High
Vulnerability Name
AEM QueryBuilder Internal Path Read
Classification
M
Medium
Vulnerability Name
ASP Code Injection
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-12 CWE-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
ASP.NET ViewState Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
L
Low
Vulnerability Name
ASP.NET ViewState Integrity Check
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
H
High
Vulnerability Name
Administration page exposure
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API7 PCI v3.2-6.5.8 OWASP PC-C7 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34 WSTG-CONF-05
C
Critical
Vulnerability Name
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2010-2861 CWE-22
H
High
Vulnerability Name
Adobe Cross-Domain Read Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
H
High
Vulnerability Name
Adobe Cross-Domain Send Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
H
High
Vulnerability Name
Advanced SQL Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
H
High
Vulnerability Name
Aem Groovy console enabled
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API7 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Agilecrm Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Alerta Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-287 WSTG-SESS-08
C
Critical
Vulnerability Name
AnchorCMS Error Log Exposure
Classification
CWE-200 CVE-2018-7251 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
Anima Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Ansible Configuration Exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
H
High
Vulnerability Name
Apache .htaccess LIMIT misconfiguration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-13 WSTG-CONF-02
M
Medium
Vulnerability Name
Apache ActiveMQ XSS
Classification
CWE-79 CVE-2018-8006 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Apache Airflow Configuration Exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
H
High
Vulnerability Name
Apache Arbitrary File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-17 WASC-42 CVE-2017-15715 CWE-20
H
High
Vulnerability Name
Apache Commons Text Vulnerability (Text4shell)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
Apache CouchDB Remote Privilege Escalation
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2017-12635 CWE-269
H
High
Vulnerability Name
Apache Druid RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Flink Unauth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-CONF-05
C
Critical
Vulnerability Name
Apache Flink Upload Path Traversal
Classification
CAPEC-252 CWE-22 ISO27001-A.14.2.5 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
Apache Kylin Unauth
Classification
CWE-922 CVE-2020-13937 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Apache OFBiz RMI deserializes Arbitrary Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Apache OFBiz Reflected XSS
Classification
CWE-79 CVE-2020-1943 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Apache OFBiz XML-RPC Java Deserialization
Classification
CWE-79,CWE-502 CVE-2020-9496 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Apache Range Header Denial of Service
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.6 OWASP PC-C10 CAPEC-137 CWE-400 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
M
Medium
Vulnerability Name
Apache S2-032 Struts RCE
Classification
CVE-2016-3081 CWE-77
H
High
Vulnerability Name
Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Solr gater than 8.8.1 Arbitrary File Read
Classification
H
High
Vulnerability Name
Apache Solr less than or equal 8.8.1 SSRF
Classification
CWE-918 CVE-2021-27905 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts 2 S2 –008 RCE1
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-264 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
H
High
Vulnerability Name
Apache Struts2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts2 S2-001 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-20 ISO27001-A.14.2.5 CVSS:2/AV:N/AC:L/Au:N/C:P/I:N/A:N WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts2 S2-012 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:M/Au:N/C:C/I:C/A:C WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts2 S2-052 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts2 S2-053 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Struts2 S2-057 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-917 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Apache Tomcat JK Status Manager Access
Classification
CWE-22 CVE-2018-11759 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
Apache Tomcat Open Redirect
Classification
CWE-601 CVE-2018-11784 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
M
Medium
Vulnerability Name
Apache Tomcat Remote Code Execution (RCE)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-434 WSTG-INPV-08
C
Critical
Vulnerability Name
Apache mod_perl Status Page Exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C CAPEC-347 ISO27001-A.18.1.3 WASC-14
M
Medium
Vulnerability Name
Apache mod_proxy HTML Injection / Partial XSS
Classification
CWE-79 CVE-2019-10092 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Apache tika 1.15-1.17 header command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-11
C
Critical
Vulnerability Name
AppServ Open Project 2.5.10 and earlier XSS
Classification
CWE-79 CVE-2008-2398
M
Medium
Vulnerability Name
Application error disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API7 OWASP PC-C10 CWE-200 WSTG-ERRH-01
M
Medium
Vulnerability Name
Artica Web Proxy 4.30 Authentication Bypass
Classification
CVE-2020-17506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-89 OWASP 2013-A2 OWASP 2017-A2
C
Critical
Vulnerability Name
Artifactory Access-Admin Login Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7
C
Critical
Vulnerability Name
Aryanic HighMail (High CMS) XSS
Classification
CWE-79 CVE-2020-23517 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Atlassian Confluence Status-List XSS
Classification
CVE-2018-5230
M
Medium
Vulnerability Name
Atlassian Confluence configuration files read
Classification
CWE-200 CVE-2015-8399 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N WSTG-INPV-08
C
Critical
Vulnerability Name
Atlassian Jira WallboardServlet XSS
Classification
CWE-79 CVE-2018-20824 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Atlassian Jira template injection vulnerabilities
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-CLNT-03
C
Critical
Vulnerability Name
Authentication Bypass and Stored Cross Site Scripting
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 PCI v3.2-6.5.7 OWASP PC-C4 CWE-79 WASC-08 WSTG-INPV-02
C
Critical
Vulnerability Name
Auto complete not disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-15
M
Medium
Vulnerability Name
Backup File Exposure
Classification
OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-2.3 OWASP PC-C7 CAPEC-186 CWE-530 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
M
Medium
Vulnerability Name
Base64 Encoded Data Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.16 OWASP PC-C8 CAPEC-170 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
L
Low
Vulnerability Name
Base64 Encoded Data Leak in WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-319 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
Bash command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WSTG-INPV-12 WASC-31
C
Critical
Vulnerability Name
Bigcartel Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Blind OS Command Injection Using Timing Attacks
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.306(a) & HIPAA-64.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
C
Critical
Vulnerability Name
Blind Server-Side Template Injection
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-74 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
H
High
Vulnerability Name
Boolean based blind SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Browser exploit against SSL/TLS (BEAST attack)
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
I
Info
Vulnerability Name
Brute force in IIS
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-151 CWE-151 WASC-12
I
Info
Vulnerability Name
Buffer Overflow Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-100 CWE-120 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
M
Medium
Vulnerability Name
Buffer overflow vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 CAPEC-100 CWE-120 WASC-7 WSTG-INPV-13
H
High
Vulnerability Name
Bullwark Momentum Series JAWS 1.0 - Directory Traversal
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WSTG-ATHZ-01 WASC-13
H
High
Vulnerability Name
Bypassing Authentication on NETGEAR Routers
Classification
CWE-200 CVE-2017-5521 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
CMSimple 3.1 - Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2008-2650
H
High
Vulnerability Name
CRLF Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CWE-113 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001 A.14.2.5 WASC-24 {"CVSS:3.0"=>"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H"} WSTG-INPV-15
L
Low
Vulnerability Name
CRLF Injection - Sercomm VD625
Classification
CVE-2021-27132 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
CRLF injection vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-113 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-25 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-05
M
Medium
Vulnerability Name
CSRF Token Missing
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.6 OWASP PC-C5 CAPEC-62 CWE-352 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-SESS-05
M
Medium
Vulnerability Name
CVE-2017-7615
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WASC-04 WSTG-INPV-08 CVE-2017-7615 CWE-640
H
High
Vulnerability Name
CVE-2017-9841
Classification
CVE-2017-9841 CWE-94
H
High
Vulnerability Name
Cacheable and Storable Content
Classification
OWASP_2013_A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.6 OWASP PC-C8 CAPEC-186 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
L
Low
Vulnerability Name
Cached Data Retrieved
Classification
OWASP_2013_A6 OWASP 2017-A3 OWASP 2021-A2 PCI v4.0-3.7 OWASP PC-C8 CAPEC-170 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.4 WASC-10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
L
Low
Vulnerability Name
Campaignmonitor Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Captcha image detected
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-804 WSTG-ATHN-03
C
Critical
Vulnerability Name
Cargo Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Character Set Mismatch
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-105 CWE-436 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-09
L
Low
Vulnerability Name
Charset Manipulation Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L WSTG-INFO-01
L
Low
Vulnerability Name
ChromeLogger Data Leak
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.15 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
M
Medium
Vulnerability Name
Cisco ASA path traversal vulnerability
Classification
CWE-22 CVE-2018-0296 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
M
Medium
Vulnerability Name
Cisco IOS 12.2(55)SE11 Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Citrix ADC Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 CVE-2019-19781
H
High
Vulnerability Name
Clickjacking attack
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-103 CWE-1021 WASC-15 WSTG-CLNT-09
C
Critical
Vulnerability Name
Clockwork PHP Page Exposure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
H
High
Vulnerability Name
Cloud Metadata Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
H
High
Vulnerability Name
Cobub Razor 0.8.0 Physical path Leakage Vulnerability
Classification
CWE-200 CVE-2018-8770 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/check
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N WSTG-INPV-11
C
Critical
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
C
Critical
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Code Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C3 CAPEC-242 CWE-94 WASC-31 WSTG-INPV-11
C
Critical
Vulnerability Name
Common Administration Interfaces
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C7 CAPEC-1 WASC-15
H
High
Vulnerability Name
Common Backdoors
Classification
OWASP 2013-A5 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-507 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
C
Critical
Vulnerability Name
Common gateway interface vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-200 WASC-14
C
Critical
Vulnerability Name
Comodo Unified Threat Management Web Console 2.7.0 - RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-INPV-08
C
Critical
Vulnerability Name
Content Security Policy (CSP) header cannot be parsed successfully
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
I
Info
Vulnerability Name
Content Security Policy (CSP) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
M
Medium
Vulnerability Name
Content Security Policy (CSP) implemented with insecure scheme
Classification
CONTENT SECURITY POLICY OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
L
Low
Vulnerability Name
Content Security Policy (CSP) implemented with the insecure scheme in passive content only
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 WASC-15 WSTG-CONF-12
I
Info
Vulnerability Name
Content Security Policy (CSP) implemented with unsafe-eval
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
I
Info
Vulnerability Name
Content Security Policy implemented with unsafe inline
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-79 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
L
Low
Vulnerability Name
Content Type Header Missing
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15
L
Low
Vulnerability Name
Cookie Poisoning
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-565 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N WSTG-INFO-05
L
Low
Vulnerability Name
Cookie session without 'HttpOnly' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-104 WASC-14 WSTG-SESS-02
I
Info
Vulnerability Name
Cookie set without 'Secure' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-102 CWE-614 ISO27001-A.14.1.2 WASC-15 WSTG-SESS-02
L
Low
Vulnerability Name
Cookie without 'Secure' flag but protect by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-614 WASC-15 WSTG-CONF-07
L
Low
Vulnerability Name
Coremail Config Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
H
High
Vulnerability Name
Create an Administrative User in SAP NetWeaver AS JAVA
Classification
CVE-2020-6287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-287 OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4
C
Critical
Vulnerability Name
Credit card number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.3 OWASP PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13 WSTG-ATHN-06
C
Critical
Vulnerability Name
Cross Domain JavaScript Source File Inclusion
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-829 WASC-13
I
Info
Vulnerability Name
Cross Origin Resource Sharing Implemented With Restricted Access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
I
Info
Vulnerability Name
Cross Origin Resource Sharing Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
I
Info
Vulnerability Name
Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
C
Critical
Vulnerability Name
Cross Site Scripting (Persistent)
Classification
OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C5 CAPEC-63 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N WSTG-INPV-02
H
High
Vulnerability Name
Cross Site Scripting in Oracle Secure Global Desktop Administration Console
Classification
OWASP 2013-A3 OWASP 2013-A7 PCI v3.2- OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01
H
High
Vulnerability Name
Cross origin Resource Sharing Implemented With Public Access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-346 WASC-13 WSTG-CLNT-07
I
Info
Vulnerability Name
Cross-Domain Security Misconfiguration
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-03
M
Medium
Vulnerability Name
Cross-Origin Resource Sharing XML cannot be parsed
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-94 WASC-14 WSTG-CLNT-07
M
Medium
Vulnerability Name
Cross-Origin Resource Sharing implemented with universal access
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-14 WSTG-CLNT-07
C
Critical
Vulnerability Name
Cross-Origin-Opener-Policy Misconfiguration
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-222 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-14 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L WSTG-INFO-09
L
Low
Vulnerability Name
Cross-site request forgery attack
Classification
OWASP 2013-A8 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.9 CAPEC-62 CWE-352 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-09 WSTG-SESS-05
M
Medium
Vulnerability Name
Cross-site tracing (XST) vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-107 CWE-200 WASC-14 WSTG-CONF-06
I
Info
Vulnerability Name
D-Link arbitrary file upload
Classification
OWASP 2013-A6 OWASP 2017-A6 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
H
High
Vulnerability Name
DLINK DSL 2888a RCE
Classification
CWE-287 CVE-2020-24579 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
DOM-Based XSS Vulnerability
Classification
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-114 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CLNT-01
H
High
Vulnerability Name
Database can be read without authentication
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C3 CWE-306 WASC-01
C
Critical
Vulnerability Name
DedeCMS 5.7 path disclosure
Classification
CWE-200 CVE-2018-6910 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Default Credentials of WMT Server
Classification
CVE-2020-35338 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-798 OWASP 2013-A2 OWASP 2017-A2
C
Critical
Vulnerability Name
Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
Classification
CWE ID-74 OWASP 2013-A1 OWASP 2017-A1 CVE-2016-5685 CVSS Score 9.0
C
Critical
Vulnerability Name
Deltek Maconomy 2.2.5 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11 CVE-2019-12314
H
High
Vulnerability Name
Deprecated ASP.NET Version
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-2.2.1 OWASP PC-C10 CAPEC-310 CWE-642 Subpart C, HIPAA-164.312(a)(2) ISO27001-A.12.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-06
L
Low
Vulnerability Name
Detect Springboot Env Actuator
Classification
H
High
Vulnerability Name
Directory Indexing
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 PCI v4.0-6.5.1 OWASP PC-C4 CAPEC-104 CWE-538 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.11.2.1 WASC-7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
H
High
Vulnerability Name
Directory traversal attacks
Classification
CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
Directory traversal in Cisco ASA & Cisco Firepower
Classification
CWE-20 CVE-2020-3452 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
Classification
CVE-2017-12637 CWE-22
H
High
Vulnerability Name
Django Debug Method Enabled
Classification
M
Medium
Vulnerability Name
Dl PHP cgi.force_redirect disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-305 WASC-13 WSTG-INPV-08
M
Medium
Vulnerability Name
Dockerrun AWS configuration exposure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
H
High
Vulnerability Name
Document Object Model Based Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
C
Critical
Vulnerability Name
Document Object Model Cross Site Scripting on WordPress
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-CLNT-01
C
Critical
Vulnerability Name
Does not redirect to a HTTPS site from HTTP port
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-818 WSTG-CLNT-04
I
Info
Vulnerability Name
DrayTek pre-auth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Druid Monitor Unauthorized Access
Classification
H
High
Vulnerability Name
Drupal 8 core RESTful Web Services RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Drupal Drupalgeddon 2 RCE
Classification
CVE-2018-7600 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
DuomiCMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 WASC-19 WSTG-INPV-05 CVE-2018-18084 CWE-89
H
High
Vulnerability Name
EEA Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
H
High
Vulnerability Name
EL Injection (Expression Language Injection)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-102 CWE-917 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
ELMAH Log Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-94 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
M
Medium
Vulnerability Name
EMerge E3 1.00-06 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-798 WSTG-INPV-08
C
Critical
Vulnerability Name
EYou E-Mail system RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Eclipse Jetty Remote Leakage
Classification
CWE-200 CVE-2015-2080 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
ElasticSearch 1.4.0/1.4.2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE 284 WSTG-INPV-08
C
Critical
Vulnerability Name
ElasticSearch v1.1.1/1.2 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N WSTG-INPV-08
C
Critical
Vulnerability Name
Elasticsearch Head plugin LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
H
High
Vulnerability Name
Email Addresses in ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.14 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
M
Medium
Vulnerability Name
Email Disclosure via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
Email address disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 OWASP PC-C7 CAPEC-118 CWE-200 ISO27001-A.9.4.1 WASC-13 WSTG-IDNT-04
I
Info
Vulnerability Name
Emby server SSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.1 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
C
Critical
Vulnerability Name
Error based SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Etouch v2 SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
H
High
Vulnerability Name
Eval injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-95 WASC-20 WSTG-INPV-12
H
High
Vulnerability Name
Excessive Redirects Causing Sensitive Data Leakage
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
L
Low
Vulnerability Name
Exchange Server SSRF Vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 ISO27001-A.14.2.5 CVSS:3.0 9.1 / 8.4 WSTG-INPV-19
C
Critical
Vulnerability Name
Exposed SVN directory
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-527 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CAPEC-118 ISO 27001-A.9.4.1 WASC-13
H
High
Vulnerability Name
Exposed pprof
Classification
CVE-2019-11248 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
M
Medium
Vulnerability Name
External redirection
Classification
OWASP 2013-A10 OWASP 2017-A1 OWASP 2021-A3 CWE-601 WASC-38 WSTG-CLNT-04
I
Info
Vulnerability Name
F5 BIG-IP iControl REST unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Feifeicms Local File Read
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
H
High
Vulnerability Name
File Content Disclosure on Rails
Classification
CVE-2019-5418 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
File handling vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C10 CAPEC-165 CWE-1219 WSTG-CONF-03
L
Low
Vulnerability Name
Fingerprinting Web Application Framework using HTTP headers
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-170 CWE-16
I
Info
Vulnerability Name
Fingerprinting Web Server
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C7 CAPEC-224 CWE-200 ISO27001-A.18.1.3 WASC-45 WSTG-INFO-02
I
Info
Vulnerability Name
Format String Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-97 CWE-134 Subpart C, HIPAA-164.312(d) ISO27001-A.13.8.5 WASC-6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
C
Critical
Vulnerability Name
FortiLogger Unauthenticated Arbitrary File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-434 WSTG-CONF-03
C
Critical
Vulnerability Name
FortiWeb Unauthenticated XSSFortiWeb Unauthenticated XSS
Classification
CVE-2021-22122 CWE-79
M
Medium
Vulnerability Name
Fortinet FortiOS Cross-Site Scripting
Classification
CWE-79 CVE-2018-13380 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
FuelCMS 1.4.1 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Full Path Disclosure
Classification
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ERRH-01
L
Low
Vulnerability Name
Full path disclosure (FPD) vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 CAPEC-126 WASC-​13 WSTG-INFO-09
M
Medium
Vulnerability Name
Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
Classification
CWE-610 CVE-2020-5412 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
Geddy before v13.0.8 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CVE-2015-5688 CWE-22
H
High
Vulnerability Name
Getresponse Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Ghostcat Vulnerability (CVE-2020–1938)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-13
C
Critical
Vulnerability Name
Git Repository Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-04
H
High
Vulnerability Name
GlassFish LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028 CWE-22
H
High
Vulnerability Name
Grafana unauthenticated API
Classification
CVE-2019-15043 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-306
M
Medium
Vulnerability Name
Guessable credentials found
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C8 CAPEC-560 CWE-287 WASC-18 WSTG-ATHN-02
I
Info
Vulnerability Name
HA Proxy Statistics
Classification
CWE-16
M
Medium
Vulnerability Name
HTML Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-242 CWE-80 WASC-08 WSTG-CLNT-03
M
Medium
Vulnerability Name
HTTP Method Vulnerability Found
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2017-A6 OWASP 2019-API7 CWE-650 WASC-14 WSTG-CONF-06
M
Medium
Vulnerability Name
HTTP Only Website
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C2 CAPEC-315 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-V42-SESS-02
M
Medium
Vulnerability Name
HTTP Parameter Manipulation
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.8 OWASP PC-C5 CAPEC-98 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-ATHZ-04
M
Medium
Vulnerability Name
HTTP Public Key Pinning (HPKP) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
I
Info
Vulnerability Name
HTTP Response Splitting Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-34 CWE-113 WASC-25 WSTG-INPV-15
M
Medium
Vulnerability Name
HTTP Strict Transport Security (HSTS) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
L
Low
Vulnerability Name
HTTP Strict Transport Security (HSTS) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-217 CWE-523 ISO27001-A.14.1.2 WASC-04 WSTG-CONF-07
L
Low
Vulnerability Name
HTTP Strict Transport Security (HSTS) header on the invalid certificate chain
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
I
Info
Vulnerability Name
HTTP Strict Transport Security (HSTS) header set to less than six months
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
I
Info
Vulnerability Name
HTTP Strict Transport Security header not available over HTTPS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C10 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
L
Low
Vulnerability Name
HTTPS Content Accessible via HTTP
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-4.1 OWASP PC-C8 CAPEC-170 CWE-311 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
L
Low
Vulnerability Name
Harbor Enables Privilege Escalation From Zero to admin
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N WSTG-ATHZ-03
C
Critical
Vulnerability Name
Hatenablog takeover detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Heartbleed Vulnerability
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.308(a)(1)(ii)(A) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
H
High
Vulnerability Name
Heartbleed vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.2 OWASP PC-C1 CAPEC-216 CWE-119 ISO27001-A.14.2.5 WASC-04 WSTG-CRYP-01
C
Critical
Vulnerability Name
Helpscout Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Hidden File Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-538 Subpart C,HIPAA-164.312(a)(2)(iv) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-CONF-05
M
Medium
Vulnerability Name
Hikvision Authentication Bypass
Classification
CVE-2017-7921
H
High
Vulnerability Name
Horde Groupware Unauthenticated
Classification
CVSS score 7.5 CWE 284 OWASP 2013-A1 OWASP 2017-A1 CVE-2015-1427
C
Critical
Vulnerability Name
Htaccess Bypass
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-250 WASC-14 WSTG-CONF-02
M
Medium
Vulnerability Name
Httpoxy - Unsafe Proxy Header Usage
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.9 OWASP PC-C5 CAPEC-111 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-V4.2-INFO-07
H
High
Vulnerability Name
IBM DB Boolean based blind sql injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
C
Critical
Vulnerability Name
ILO4 Authentication bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-SESS-08
C
Critical
Vulnerability Name
IP Addresses in ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C8 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-03
M
Medium
Vulnerability Name
IceWarp Less Than 10.4.4 - Local File Inclusion
Classification
CVE-2019-8982 CWE-918
H
High
Vulnerability Name
IceWarp WebMail Reflected XSS
Classification
CVE-2020-27982 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
IceWarp WebMail XSS
Classification
CWE-79 CVE-2020-8512 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Image Privacy Data Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.8 OWASP PC-C8 CAPEC-169 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
L
Low
Vulnerability Name
Improper Access Control
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-115 CWE-287 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
H
High
Vulnerability Name
Improper Cache-Control Configuration
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-525 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
L
Low
Vulnerability Name
Information Leak in Page Banner
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.9 OWASP PC-C9 CAPEC-26 CWE-200 ISO27001-A.14.2.5 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-INFO-02
L
Low
Vulnerability Name
Information leakage in EXIF data of images
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-200 ISO27001-A.18.1.3 WASC-13 WSTG-INFO-05
I
Info
Vulnerability Name
Information leakage of the web application's directory or folder path
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API3 OWASP PC-C10 CAPEC-118 CWE-22 ISO27001-A.18.1.4 WASC-13 WSTG-INFO-03
I
Info
Vulnerability Name
Information leakage using meta tag
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CWE-200 WASC-13 WSTG-INFO-05
I
Info
Vulnerability Name
Inline queries SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Insecure Authentication Method
Classification
OWASP 2017-A2 OWASP 2021-A1 PCI v4.0-7.1 OWASP PC-C6 CAPEC-111 CWE-326 Subpart C, HIPAA-164.312(d) ISO27001-A.13.2.1 WASC-4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-ATHZ-01
M
Medium
Vulnerability Name
Insecure File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-17 CWE-434 WASC-42 WSTG-BUSL-09
I
Info
Vulnerability Name
Insecure FrontPage extension configuration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 HIPAA-164.306(a) WASC-13
L
Low
Vulnerability Name
Insecure HTTP to HTTPS Form Transition
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
M
Medium
Vulnerability Name
Insecure HTTPS to HTTP Form Transition
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-4.1 OWASP PC-C2 CAPEC-63 CWE-319 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CRYP-03
M
Medium
Vulnerability Name
Insecure JavaServer Faces ViewState
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
M
Medium
Vulnerability Name
Insecure RIA cross domain policy
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-15 WSTG-CONF-08
H
High
Vulnerability Name
Insecure Redirection
Classification
OWASP 2013-A10 OWASP 2017-A5 OWASP 2021-A1 CWE-601 WASC-38 WSTG-CLNT-04
M
Medium
Vulnerability Name
Insecurely Scoped Cookie
Classification
OWASP 2017-A6 OWASP 2021-A8 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-118 CWE-565 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
L
Low
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
C
Critical
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
C
Critical
Vulnerability Name
Integer Overflow Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-128 CWE-190 Subpart C, HIPAA-164.306(a)(2) ISO27001-A.13.8.5 WASC-3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-09
M
Medium
Vulnerability Name
Intercom Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Intermediate TLS compatibility
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
I
Info
Vulnerability Name
Invalid certificate chain encountered during redirection
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-297 WSTG-CLNT-04
L
Low
Vulnerability Name
JIRA Directory Traversal
Classification
CVE-2019-8442 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
JIRA SSRF
Classification
CWE-918 CVE-2019-8451 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
M
Medium
Vulnerability Name
JIRA Unauthenticated Sensitive Information Disclosure
Classification
CVE-2019-8449 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
JSON Web Token (JWT) Vulnerability
Classification
OWASP 2017-A2 OWASP 2021-A7 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-234 CWE-347 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
M
Medium
Vulnerability Name
Java Deserialization Vulnerability
Classification
OWASP 2017-A8 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C4 CAPEC-120 CWE-502 Subpart C, HIPAA-164.312(e)(2)(i) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
M
Medium
Vulnerability Name
Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2021-21402
H
High
Vulnerability Name
Jenkin Audit Trail Plugin XSS
Classification
CWE-79 CVE-2020-2140 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Jenkins 2.138 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 WSTG-INPV-08
C
Critical
Vulnerability Name
Jenkins Gitlab Hook XSS
Classification
CWE-79 CVE-2020-2096 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Classification
CWE-79 CVE-2010-4240
M
Medium
Vulnerability Name
Jenzabar v9.20-v9.2.2 XSS
Classification
CWE-79 CVE-2021-26723 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Jira - Reflected XSS using searchOwnerUserName parameter.
Classification
CWE-79 CVE-2019-3402 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Jira IconURIServlet SSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
H
High
Vulnerability Name
Jira Subversion ALM for enterprise XSS
Classification
CWE-79 CVE-2020-9344 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Jnoj Directory Traversal for file reading(LFI)
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CVE-2019-17538 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
H
High
Vulnerability Name
Jolokia XSS
Classification
CVE-2018-1000129 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
H
High
Vulnerability Name
Joomla Core SQL Injection
Classification
CVE-2015-7297 CWE-89
H
High
Vulnerability Name
Joomla Core vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79
C
Critical
Vulnerability Name
Joomla Debug Mode status
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
M
Medium
Vulnerability Name
Joomla SQL Injection
Classification
CVE-2017-8917 CWE-89
H
High
Vulnerability Name
Joomla User Registration Process
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WASC-13
C
Critical
Vulnerability Name
Joomla admin page
Classification
OWASP 2013-A7 OWASP 2017-A4 OWASP 2021-A1 PCI v3.2-6.5.8 OWASP PC-C6 CAPEC-87 CWE-425 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.9.4.1 WASC-34
L
Low
Vulnerability Name
Joomla common log files
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-532 WASC-20
H
High
Vulnerability Name
Kentico CMS Insecure Deserialization RCE
Classification
OWASP 2013-A1 OWASP 2017-A8 OWASP 2021-A8 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-502
C
Critical
Vulnerability Name
Kibana Timelion Arbitrary Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-94 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Klog Server Unauthenticated Command Injection
Classification
CVE-2020-35729 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-35749 CWE-22 OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-118 ISO27001-A.18.1.4 WASC-13
C
Critical
Vulnerability Name
LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CVE-2021-3129
C
Critical
Vulnerability Name
LDAP Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-255 CWE-90 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-29 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-06
H
High
Vulnerability Name
Lack of wildcard DNS entry found
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-155
I
Info
Vulnerability Name
Lanproxy Directory Traversal
Classification
CWE-22 CVE-2021-3019 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
Laravel Debug Enabled
Classification
CWE-16 PCI v3.1-6.5.5 PCI v3.2-6.5.5; CAPEC-214 ISO27001-A.14.1.2 WASC-14 OWASP 2013-A5 OWASP 2017-A6
M
Medium
Vulnerability Name
Laravel Telescope Disclosure
Classification
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
M
Medium
Vulnerability Name
Laravel log file publicly accessible
Classification
OWASP 2013-A6 OWASP 2017-A3 CWE-538 OWASP PC-C8 WSTG-CRYP-03
H
High
Vulnerability Name
Liferay Portal Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO 27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Lightweight Directory Access Protocol (LDAP) injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-136 CWE-20 WASC-29 WSTG-INPV-06
C
Critical
Vulnerability Name
LinkedIn Oncall 1.4.0 XSS
Classification
CWE-79 CVE-2021-26722 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
LinuxKI Toolset 6.01 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 ISO 27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 PCI v3.2-6.5.8 CAPEC-252 CWE-22 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
H
High
Vulnerability Name
Log4j Vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C2 WSTG-INPV-08
C
Critical
Vulnerability Name
Log4j Vulnerability (CVE-2021-44228)
Classification
OWAS _2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
Log4j Vulnerability (CVE-2021-45046)
Classification
OWASP 2017_A09 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-117 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
Logjam attack against the TLS protocol
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306 ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
I
Info
Vulnerability Name
Loose Cookie Security Detection
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C6 CAPEC-151 CWE-205 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-SESS-02
L
Low
Vulnerability Name
MD4/MD5 Hash Exposure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-2.3 OWASP PC-C8 CAPEC-310 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
L
Low
Vulnerability Name
MX injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CAPEC-183 CWE-77 WASC-30 WSTG-INPV-10
C
Critical
Vulnerability Name
Magento Config Disclosure
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
M
Medium
Vulnerability Name
Magmi – Cross-Site Scripting v.0.7.22
Classification
CWE-79 CVE-2017-7391 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Majordomo2 - SMTP/HTTP Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2011-0049 CWE-22 CAPEC-213
H
High
Vulnerability Name
Mara CMS 7.5 - Reflected Cross-Site Scripting
Classification
CWE-79 CVE-2020-24223 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
McAfee ePolicy Orchestrator RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
H
High
Vulnerability Name
McAfee ePolicy Orchestrator Reflected XSS
Classification
CWE-79 CVE-2020-7318 CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Memcached Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C4 CWE-502 WASC-07
H
High
Vulnerability Name
Meridian Integrated Personal Call Director Password Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CWE-200 WASC-13 WSTG-ATHN-03
C
Critical
Vulnerability Name
MetInfo 6.0.0/6.1.0 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
H
High
Vulnerability Name
Micro Focus UCMDB RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
MicroStrategy tinyurl - BSSRF
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-918 ISO 27001-A.14.2.5 WASC-20 WSTG-INPV-19
H
High
Vulnerability Name
Microsoft RDS Arbitrary Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C5 CWE-78 WASC-31
C
Critical
Vulnerability Name
Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-346 ISO27001-A.14.2.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Microsoft Site Server Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 WASC-14 WSTG-INFO-09
H
High
Vulnerability Name
Misconfigured Docker on Default Port
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 WASC-15
C
Critical
Vulnerability Name
Missing Fallback Signaling Cipher Suite Value
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-757 WASC-13
M
Medium
Vulnerability Name
Missing Subresource Integrity (SRI) Attribute
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-109 CWE-345 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-15 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CONF-02
M
Medium
Vulnerability Name
Modern Events Calendar Lite less than 5.16.5 - Unauthenticated Events Export
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2021-24146 CWE-284
H
High
Vulnerability Name
Modern TLS compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 HIPAA-164.306 WASC-13 WSTG-CRYP-01
I
Info
Vulnerability Name
Moodle filter_jmol - LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2 CVE-2017-1000028
H
High
Vulnerability Name
Multiple Redirects Detected (Potential Info Leak)
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-6.5.7 OWASP PC-C9 CAPEC-170 CWE-201 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
L
Low
Vulnerability Name
MySQL Dump Files
Classification
CWE-530 CWE-89 CWE-200 CVE-2016-5483
M
Medium
Vulnerability Name
NUUO NVRmini 2 3.0.8 Local File Disclosure
Classification
H
High
Vulnerability Name
NeDi 1.9C XSS
Classification
CWE-79 CVE-2020-14413 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Neon Dashboard - XSS Reflected
Classification
CWE-79 CVE-2019-20141 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Netrc Config File
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-538 WSTG-CRYP-03
H
High
Vulnerability Name
Netsweeper WebAdmin unixlogin.php Python Code Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
C
Critical
Vulnerability Name
Next.js .next/ limited path traversal
Classification
CWE-22 CVE-2020-5284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Nextjs v2.4.1 LFI
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
H
High
Vulnerability Name
Nginx off-by-slash exposes Git config
Classification
CVSS-5.0 CVSS-AV:N/AC:L/Au:N/C:P/I:N/A:N
M
Medium
Vulnerability Name
Nginx virtual host traffic status module XSS
Classification
CWE-79
M
Medium
Vulnerability Name
NoSQL Injection (MongoDB)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
Node.js 8.5.0 gater than equal and less than 8.6.0 Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2017-14849 CWE-22
H
High
Vulnerability Name
Node.js Systeminformation Command Injection
Classification
CVE-2021-21315
H
High
Vulnerability Name
Non-Cachable Content
Classification
OWASP_2013_A5 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-3.4 OWASP PC-C8 CAPEC-168 CWE-524 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHN-06
L
Low
Vulnerability Name
Nostromo 1.9.6 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-22 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Nuxeo Authentication Bypass Remote Code Execution
Classification
CVE-2018-16341
H
High
Vulnerability Name
OA TongDa Path Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CWE-22
C
Critical
Vulnerability Name
OOB XSS Vulnerability
Classification
OWASP 2017-A7 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C9 CAPEC-174 CWE-79 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INPV-01
H
High
Vulnerability Name
Obtain plaintext by observing length differences
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
I
Info
Vulnerability Name
Odoo 12.0 - Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
H
High
Vulnerability Name
Old Backup and Unreferenced files
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A5 OWASP 2019-API9 CWE-530 WASC-34
M
Medium
Vulnerability Name
Old TLS backward compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
I
Info
Vulnerability Name
Open Redirect
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.7 OWASP PC-C2 CAPEC-601 CWE-601 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-38 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N WSTG-CLNT-04
H
High
Vulnerability Name
Open Redirect in EpiServer
Classification
CWE-601 CVE-2020-24550 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Open WebSocket
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-352 WASC-13
M
Medium
Vulnerability Name
Open-School 3.0/Community Edition 2.3 - Cross Site Scripting
Classification
CWE-79 CVE-2019-14696 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Open-redirect in Traefik
Classification
CWE-601 CVE-2020-15129 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Openfire Full Read SSRF
Classification
CVE-2019-18394 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
C
Critical
Vulnerability Name
Openfire LFI
Classification
CVE-2019-18394 CWE-918
H
High
Vulnerability Name
Oracle Business Intelligence Path Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
H
High
Vulnerability Name
Oracle Content Server XSS
Classification
CWE-79 CVE-2017-10075 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
M
Medium
Vulnerability Name
Oracle WebCenter Sites XSS
Classification
CVE-2018-2791 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
M
Medium
Vulnerability Name
Oracle WebLogic RCE
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
C
Critical
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
C
Critical
Vulnerability Name
Oracle Weblogic Server Unauthenticated RCE
Classification
CVE-2019-2725 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Origin Spoof Access Restriction Bypass
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-732 WASC-15
C
Critical
Vulnerability Name
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
H
High
Vulnerability Name
PHP Config contain database IDs and passwords
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13
C
Critical
Vulnerability Name
PHP Source Code Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-540 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
M
Medium
Vulnerability Name
PHP code injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-242 CWE-94 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-20 WSTG-INPV-11
C
Critical
Vulnerability Name
PHP post_max_size show phpinfo()
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-16 ISO27001-A.18.1.3 WASC-13
I
Info
Vulnerability Name
PHP session.use_trans_sid Session Hijacking
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CAPEC-593 CWE-16 WASC-15 WSTG-SESS-09
M
Medium
Vulnerability Name
PHP-FPM Vulnerability (CVE-2019-11043) with NGINX
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-787
C
Critical
Vulnerability Name
PII Disclosure via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(c)(1) WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
H
High
Vulnerability Name
PMB 5.6 - 'chemin' Local File Disclosure
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33 CWE-22
H
High
Vulnerability Name
POODLE Attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
H
High
Vulnerability Name
PUT method enabled
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-650 WASC-14
H
High
Vulnerability Name
PacsOne Server XSS
Classification
CWE-79 CVE-2020-29164 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Padding Oracle Attack
Classification
OWASP 2017-A6 OWASP 2021-A2 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-166 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-CRYP-02
H
High
Vulnerability Name
Palo Alto Networks Reflected XSS
Classification
CWE-79 CVE-2020-2036 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
M
Medium
Vulnerability Name
Parameter Pollution Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.2 OWASP PC-C5 CAPEC-460 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N WSTG-INFO-07
L
Low
Vulnerability Name
Parameter tampering attack
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API1 OWASP PC-C5 CAPEC-460 CWE-233 WASC-20 WSTG-INPV-04
C
Critical
Vulnerability Name
Password Autocomplete in Browser
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-464 CWE-16 ISO27001-A.14.1.2 WASC-15
I
Info
Vulnerability Name
Path Traversal Vulnerability
Classification
OWASP_2013_A4 OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.3 OWASP PC-C5 CAPEC-166 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Personally Identifiable Information Disclosure
Classification
OWASP 2017-A3 OWASP 2021-A4 PCI v4.0-3.3 OWASP PC-C8 CAPEC-202 CWE-359 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.8.2.1 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
H
High
Vulnerability Name
PhpMyAdmin 4.8.1 Remote File Inclusion
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
C
Critical
Vulnerability Name
PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A8 CWE-502
H
High
Vulnerability Name
PhpMyExplorer Directory traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
Phpinfo() Memory Limit
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
M
Medium
Vulnerability Name
Phpinfo() Open Base Directory Is Disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
M
Medium
Vulnerability Name
Phpinfo() PHP Magic Quotes Gpc is On
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
M
Medium
Vulnerability Name
Phpinfo() Upload Max Filesize
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
M
Medium
Vulnerability Name
Potential Heartbleed Vulnerability
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-2.3 OWASP PC-C2 CAPEC-310 CWE-119 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.12.6.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
H
High
Vulnerability Name
Potential Username Enumeration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C6 CAPEC-124 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-IDNT-04
L
Low
Vulnerability Name
Potential web backdoor
Classification
OWASP 2013-A10 OWASP 2017-A10 OWASP 2021-A9 PCI v3.2-6.5.6 CAPEC-443 CWE-912 HIPAA-164.308(a) ISO27001-A.12.2.1 WASC-15 WSTG-INFO-09
C
Critical
Vulnerability Name
Potentially dangerous file
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-17 CWE-434 HIPAA-164.306(a)
H
High
Vulnerability Name
Private IP Disclosure
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-08
L
Low
Vulnerability Name
Private IP address disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CWE-200 ISO27001-A.18.1.4 WASC-13 WSTG-CRYP-03
I
Info
Vulnerability Name
ProFTPd RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2015-3306 CWE-284
H
High
Vulnerability Name
Processing of Change Cipher Spec
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.2 WSTG-CRYP-01
I
Info
Vulnerability Name
Properties File Exposure in /WEB-INF
Classification
OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CONF-05
H
High
Vulnerability Name
Proposify Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Proxy Information Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-118 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-07
M
Medium
Vulnerability Name
Publicly Writable Directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C7 CWE-379 WASC-13
M
Medium
Vulnerability Name
Pulse Connect Secure SSL VPN arbitrary file read vulnerability
Classification
OWASP 2013-A7 OWASP 2017-A5 CVE-2019-11510 CWE-22
H
High
Vulnerability Name
Qi anxin Netkang Next Generation Firewall RCE
Classification
CWE-94 OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Query hashed password via QueryBuilder Servlet
Classification
M
Medium
Vulnerability Name
RCE in MobileIron Core & Connector
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
ROBOT Attack (Breitenbacher RSA)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-203 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C WSTG-CRYP-01
M
Medium
Vulnerability Name
Rack-Mini-Profiler Environment Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-287
H
High
Vulnerability Name
Rails Asset Pipeline Directory Traversal Vulnerability
Classification
CVE-2018-3760 CWE-200 OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 WSTG-CRYP-03
H
High
Vulnerability Name
Rails Debug Mode Enabled
Classification
OWASP 2013-A5 OWASP 2017-A6- CWE-16 CAPEC-214 PCI v3.1-6.5.5 PCI v3.2-6.5.5 ISO 27001-A.14.1.1 WASC-14
M
Medium
Vulnerability Name
Redirection from HTTP to HTTPS to a different host preventing HSTS
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CLNT-04
M
Medium
Vulnerability Name
Redirects to HTTPS eventually, but initial redirection is to another HTTP URL
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
M
Medium
Vulnerability Name
Redirects, but final destination is not an HTTPS URL
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-601 WASC-38 WSTG-CLNT-04
I
Info
Vulnerability Name
Redwood v4.3.4.5-v4.5.3 XSS
Classification
CWE-79 CVE-2021-26710 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Referrer-Policy header unsafely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200
M
Medium
Vulnerability Name
Referrer-policy header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-200 ISO27001-A.14.2.5 WASC-20
L
Low
Vulnerability Name
Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
H
High
Vulnerability Name
Reflected File Download vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-375 CWE-840 ISO27001-A.14.2.5 WASC-42
C
Critical
Vulnerability Name
Regular expression Denial of Service vulnerability (ReDoS)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-492 CWE-400 ISO27001-A.14.1.2 WASC-10
C
Critical
Vulnerability Name
Remote Code Execution (CVE-2012-1823)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C10 CAPEC-120 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
H
High
Vulnerability Name
Remote OS Command injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
C
Critical
Vulnerability Name
Remote access code
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API5 CWE-287 WASC-01
M
Medium
Vulnerability Name
Remote file inclusion
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C4 CAPEC-193 CWE-98 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-05 WSTG-INPV-11
M
Medium
Vulnerability Name
Renegotiation allowing to insert data into HTTPS sessions
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01
I
Info
Vulnerability Name
Revealing phpinfo()
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
M
Medium
Vulnerability Name
Revive Adserver XSS
Classification
CWE-79 CVE-2020-8115 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
RockMongo V1.1.8 XSS
Classification
CWE-79
M
Medium
Vulnerability Name
RocketChat Unauthenticated Email enumeration
Classification
CWE-203 CVE-2020-28208 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
RocketChat Unauthenticated Read Access
Classification
C
Critical
Vulnerability Name
Rosetta flash vunerability
Classification
OWASP 2013-A5 OWASP 2017-A1 OWASP 2021-A3 CWE-352 WASC-15 WSTG-CLNT-08
I
Info
Vulnerability Name
Rstudio Shiny Server Directory Traversal
Classification
CWE-22 CVE-2021-3374 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Ruijie Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200
H
High
Vulnerability Name
Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
Classification
CWE-22 OWASP 2013-A4 OWASP 2017-A5 WASC-33 ISO27001-A.14.2.5 HIPAA-22 CAPEC-252 PCI v3.2
H
High
Vulnerability Name
Ruijie Smartweb Management System Password Information Disclosure
Classification
OWASP 2017-A3 OWASP 2017-A6 CWE-200 CVE-2020-14329
H
High
Vulnerability Name
Rumpus FTP Web File Manager 8.2.9.1 XSS
Classification
CWE-79 CVE-2019-19368 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
SFTP credentials exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N ISO27001-A.18.1.3 WASC-15
M
Medium
Vulnerability Name
SMBGhost Vulnerability (CVE-2020-0796)
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-119
C
Critical
Vulnerability Name
SOAP Action Header Spoofing
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-109 CWE-209 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N WSTG-VATHZ-04
H
High
Vulnerability Name
SOAP XML Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
H
High
Vulnerability Name
SQL Injection (Hypersonic SQL)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL Injection (MySQL)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL Injection (Oracle)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL Injection (PostgreSQL)
Classification
OWASP 2017-A1 OWASP 2021--A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL Injection (SQLite)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL Injection Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-66 CWE-89 Subpart C, HIPAA-164.306(a)(1) SO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-05
H
High
Vulnerability Name
SQL injection(SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
SRI HTML not parsable
Classification
OWASP 2013-A5 OWASP 2017 A6 OWASP 2021-A5 WASC-14
I
Info
Vulnerability Name
SSL compression methods
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 WSTG-CRYP-01
M
Medium
Vulnerability Name
SSL(Secure Sockets Layer) protocol version outdated
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-310 HIPAA-164.306 ISO27001-A.14.1.2 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N WSTG-CRYP-01
C
Critical
Vulnerability Name
SSRF Vulnerability
Classification
OWASP 2017-A5 OWASP 2021-A10 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-152 CWE-918 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-19
H
High
Vulnerability Name
SVN Repository Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.12.6.1 WASC-34 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-05
M
Medium
Vulnerability Name
SaltStack Shell Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC- 31
C
Critical
Vulnerability Name
SaltStack wheel async unauth access
Classification
OWASP 2013-A2 OWASP 2017-A2 CVE-2020-11651 CVSS Score 7.5 CWE ID 20
C
Critical
Vulnerability Name
Samsung Wlan AP (WEA453e)RCE
Classification
CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Sangfor EDR 3.2.17R1/3.2.21 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Sensitive Data in URL
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-312 CWE-200 Subpart C, HIPAA-164.312(a)(2)(i) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N WSTG-INFO-08
L
Low
Vulnerability Name
Sensitive data exposure via insecure Jira endpoint
Classification
CWE-200 CVE-2020-14179 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Server Certificate Validation Through OCSP Stapling
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-299 WASC-13
I
Info
Vulnerability Name
Server vulnerabilities and misconfiguration for sensitive information
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C8 CAPEC-21 CWE-200 CWE-200 WASC-14 WSTG-CONF-02
C
Critical
Vulnerability Name
Server-Side Include Vulnerability
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-110 CWE-97 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
Server-Side Includes (SSI) injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 CAPEC-101 CWE-97 WASC- 31 WSTG-INPV-08
H
High
Vulnerability Name
Server-Side Template Injection
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-120 CWE-94 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-06
H
High
Vulnerability Name
Session Cookie set without 'Secure' Flag but protected by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CAPEC-102 CWE-614 HIPAA-164.306(a) ISO27001-A.14.1.2 WASC-15 WSTG-​CONF-03
L
Low
Vulnerability Name
Session Fixation Attack
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP 2019-API2 OWASP PC-C6 CWE-384 WASC-37
H
High
Vulnerability Name
Session ID Leakage via Referer Header
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.11 OWASP PC-C8 CAPEC-127 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N WSTG-SESS-04
M
Medium
Vulnerability Name
Session ID in URL Parameters
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.10 OWASP PC-C6 CAPEC-25 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-13 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-SESS-04
M
Medium
Vulnerability Name
Shellshock Remote Code Execution
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.10 OWASP PC-C10 CAPEC-125 CWE-78 Subpart C, HIPAA-164.308(a)(1) ISO27001-A.14.2 WASC-31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-12
H
High
Vulnerability Name
Silverlight Cross-Domain Misconfiguration
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.5 OWASP PC-C5 CAPEC-160 CWE-264 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.6.1 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-08
H
High
Vulnerability Name
Simple Employee Records System 1.0 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94, HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Site did not return a status code of 200
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-393 WASC-14 WSTG-IDNT-04
I
Info
Vulnerability Name
Smugmug Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
SolarWinds Database Performance Analyzer 11.1. 457 - Cross-Site Scripting
Classification
CWE-79 CVE-2018-19386 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
SonarQube unauth
Classification
CWE-312 CWE-306 CVE-2020-27986 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
Sonicwall SSL VPN ShellShock RCE
Classification
CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Source Code Exposure (CVE-2012-1823)
Classification
OWASP 2017-A9 OWASP 2021-A6 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-186 CWE-20 Subpart C, HIPAA-164.312(e)(2)(ii) ISO27001-A.14.1.3 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-06
H
High
Vulnerability Name
Source Code Exposure via File Inclusion
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.6 OWASP PC-C7 CAPEC-188 CWE-541 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.2.5 WASC-33 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-08
H
High
Vulnerability Name
Source code disclosure
Classification
OWASP 2013-A5 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 CAPEC-118 CWE-540 HIPAA-164.306(a) ISO27001-A.18.1.3 WASC-13
C
Critical
Vulnerability Name
Split ViewState Configuration
Classification
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C5 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-INFO-03
L
Low
Vulnerability Name
Splunk Sensitive Information Disclosure
Classification
CWE-200 CVE-2018-11409 CVE-2018-11409
M
Medium
Vulnerability Name
Spring Actuator Endpoint Exposure
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-CONF-05
M
Medium
Vulnerability Name
Spring Boot Actuators (Jolokia) XXE
Classification
OWASP 2013-A1 OWASP 2017-A4 PCI v3.2- OWASP PC-C3 CAPEC-376 CWE-611 HIPAA-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
H
High
Vulnerability Name
Spring Boot H2 Database RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Spring Data Commons Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-20 WSTG-INPV-11
C
Critical
Vulnerability Name
Spring Framework Vulnerability (Spring4Shell)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C7 CAPEC-120 CWE-78 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-78 WSTG-NPV-12
H
High
Vulnerability Name
Stacked Queries SQL Injection (SQLi)
Classification
CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Stored cross site scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-592 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
C
Critical
Vulnerability Name
Strikingly Takeover Detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-345 WASC-15 WSTG-INFO-05
I
Info
Vulnerability Name
Subresource Integrity (SRI) implemented, but external scripts are loaded over http
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-INFO-05
I
Info
Vulnerability Name
Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-11.5.1 OWASP PC-C1 CWE-1214 ISO27001-A.14.2.5 WASC-15
I
Info
Vulnerability Name
Subrion CMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05 CVE-2017-7615
H
High
Vulnerability Name
Suspicious Comments Leak
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-05
L
Low
Vulnerability Name
Suspicious Comments in XML Leak via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
Symantec SSL/TLS check
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C8 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
Symfony Database Configuration Exposure
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.8 CWE-284 ISO27001-A.18.1.3 WSTG-CONF-02
H
High
Vulnerability Name
Symfony Debug Mode
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-200
H
High
Vulnerability Name
Symfony Profiler information leakage
Classification
OWASP 2017-A3 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
TLS Android compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS Edge compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS Firefox compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS Internet Explorer compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS OpenSSL compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS Safari compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
I
Info
Vulnerability Name
TLS(Transport Layer Security) protocol version outdated
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-217 CWE-326 HIPAA-164.306 WSTG-CRYP-01
C
Critical
Vulnerability Name
Tabnabbing Attack
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.11 OWASP PC-C4 CAPEC-138 CWE-693 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-11 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N WSTG-ATHZ-06
M
Medium
Vulnerability Name
TerraMaster TOS v4.1.24 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Test For Checking File Uploads
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CAPEC-17 CWE-434 WASC-14 WSTG-BUSL-09
M
Medium
Vulnerability Name
Test For Checking Magic Quotes Gpc is On
Classification
OWASP 2013-A1 OWASP 2017-A1 WASC-13
M
Medium
Vulnerability Name
Test For Oracle Application Server
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C3 WASC-14
C
Critical
Vulnerability Name
The DROWN attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-310 WASC-14
C
Critical
Vulnerability Name
The Logjam common primes
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 ISO27001-A.14.1.2 WSTG-CRYP-01
I
Info
Vulnerability Name
The SWEET32 attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01
H
High
Vulnerability Name
The unseen Drupal
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2
I
Info
Vulnerability Name
ThinkAdmin 6 - Arbitrarily File Read
Classification
CWE-22 CVE-2020-25540 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
M
Medium
Vulnerability Name
ThinkCMF-LFI vulnerability
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- HIPAA-22 ISO27001-A.14.2.5 WASC-33 WSTG-INPV-11
H
High
Vulnerability Name
ThinkPHP 5.0.22 RCE
Classification
OWASP 2013-A4 OWASP 2017-A5 OWASP 2021-A1 OWASP 2019-API8 OWASP PC-C2 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
ThinkPHP 5.0.23 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
ThinkPHP 5.0.9 Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API8 OWASP PC-C2 CWE-200 WSTG-CRYP-03
C
Critical
Vulnerability Name
Thinkcmf RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Tickets option leak uninitialised memory
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WSTG-CRYP-01
L
Low
Vulnerability Name
TileServer GL Reflected XSS
Classification
CWE-79 CVE-2020-15500 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Time based blind SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Time-Based NoSQL Injection (MongoDB)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-210 CWE-943 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-04
H
High
Vulnerability Name
Timesheet 1.5.3 - Cross Site Scripting
Classification
CVE-2019-1010287 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
H
High
Vulnerability Name
Totaljs - Unauthenticated Directory Traversal
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C4 CAPEC-213 CWE-22 WASC-13 WSTG-ATHZ-01
H
High
Vulnerability Name
Tpshop Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
H
High
Vulnerability Name
Trace.axd Information Disclosure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 CAPEC-186 CWE-215 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 WSTG-CONF-05
M
Medium
Vulnerability Name
Transport Layer Security
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
M
Medium
Vulnerability Name
Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 CWE-22 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
Triconsole 3.75 XSS
Classification
CWE-79 CVE-2021-27330 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Twig PHP less than 2.4.4 template engine - SSTI
Classification
H
High
Vulnerability Name
US Social Security Number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
C
Critical
Vulnerability Name
Ultimate PHP Board Data Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 CVE-2019-1653
H
High
Vulnerability Name
Unauthenticated Jenkin Dashboard
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2020-9047 CWE-94
H
High
Vulnerability Name
Unauthenticated Multiple D-Link Routers RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-88 CWE-78 WASC- 31 WSTG-INPV-08
C
Critical
Vulnerability Name
Unauthenticated Oracle WebLogic Server RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-502 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Unauthenticated RCE at Mida eFramework on ‘PDC/ajaxreq.php’
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-78 ISO 27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
Unhandled error in web application
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-209 WASC-13 WSTG-ERRH-01
M
Medium
Vulnerability Name
Union Query SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
Unix Timestamp Exposure
Classification
OWASP 2017-A3 OWASP 2021-A1 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-168 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-04
L
Low
Vulnerability Name
Unrestricted File Upload Vulnerability
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-125 CWE-434 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H WSTG-INFO-06
M
Medium
Vulnerability Name
Unsafe HTTP Method
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 CWE-200 Subpart C, HIPAA-164.312(e)(1) ISO27001-A.13.8.5 WASC-45 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-CONF-06
M
Medium
Vulnerability Name
Unsafe preg_replace usage
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-661 WASC-13
M
Medium
Vulnerability Name
Unsecured HTTPS cookies
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 PCI v3.2-6.5.10 CWE-311 WASC-13 WSTG-SESS-02
M
Medium
Vulnerability Name
Unsecured ViewState (Confirmed MAC Signature Absence)
Classification
OWASP 2017-A6 OWASP 2021-A4 PCI v4.0-6.5.13 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INFO-03
H
High
Vulnerability Name
Unsecured ViewState (Possible MAC Signature Absence)
Classification
OWASP 2017-A6 OWASP 2021-A4 OWASP PC-C4 CAPEC-99 CWE-642 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-14 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L WSTG-\INFO-03
H
High
Vulnerability Name
Unvalidated Document Object Model redirection
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CWE-601 WASC-38
H
High
Vulnerability Name
Unvalidated Redirects and Forwards
Classification
OWASP 2013-A10 OWASP 2017-A6 CWE-601 ISO27001-A.14.2.5 WASC-38
C
Critical
Vulnerability Name
Upload Temp Directory is Everyone
Classification
OWASP 2013-A1 OWASP 2017-A1
H
High
Vulnerability Name
Use of Vulnerable JavaScript Functions
Classification
OWASP 2017-A7 OWASP 2021-A4 PCI v4.0-6.5.1 OWASP PC-C5 CAPEC-138 CWE-749 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.1 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N WSTG-CLNT-02
L
Low
Vulnerability Name
User Agent Header Fuzzing
Classification
PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-94 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L WSTG-INFO-07
L
Low
Vulnerability Name
User enumeration via an incorrect authorisation in Jira
Classification
CWE-863 CVE-2019-3403 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
User enumeration via insecure Jira endpoint
Classification
CWE-200 CVE-2020-14181 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
M
Medium
Vulnerability Name
User information disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP 2019-API3 PCI v3.2-6.5.5 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13 WSTG-CRYP-03
M
Medium
Vulnerability Name
User-Controlled HTML Attribute (XSS Risk)
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-94 CWE-20 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.13.8.1 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHZ-07
L
Low
Vulnerability Name
Username Hash Detected
Classification
OWASP 2017-A5 OWASP 2021-A1 PCI v4.0-2.3 OWASP PC-C8 CAPEC-118 CWE-284 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.9.1.2 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-ATHZ-04
L
Low
Vulnerability Name
Username Hash Leak via WebSocket
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-284 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
VBulletin Pre-Auth RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-74 ISO 27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
VBulletin SQLI
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-94 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
VMware View Planner Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
VMware vCenter Unauthenticated Arbitrary File Read
Classification
H
High
Vulnerability Name
VMware vCenter Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-08
C
Critical
Vulnerability Name
VRealize Operations Manager API SSRF
Classification
OWASP 2013-A6 OWASP 2017-A5 OWASP 2021-A10 PCI v3.2-6.5.1 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-19
C
Critical
Vulnerability Name
Vehicle Parking Management System 1.0 - Authentication Bypass
Classification
CVE-2020-23936
H
High
Vulnerability Name
Vignette Content Management Vulnerabilty
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-45
L
Low
Vulnerability Name
Vmware Vcenter LFI for Linux appliances
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CWE-94
H
High
Vulnerability Name
WSDL Exposure
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-161 CWE-548 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N WSTG-INFO-06
H
High
Vulnerability Name
WSO2 Carbon Management Console - XSS
Classification
CWE-79 CVE-2020-17453 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
Wavemaker Studio 6.6 LFI/SSRF
Classification
CVE-2019-8982 CWE-918
H
High
Vulnerability Name
Web Cache Poisoning
Classification
OWASP 2017-A6 OWASP 2021-A5 PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-314 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-ATHN-06
M
Medium
Vulnerability Name
WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
Classification
CAPEC-100 CWE-119 WASC-07 WSTG-INPV-13
C
Critical
Vulnerability Name
WebDAV detection
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-16 ISO27001-A.9.4.4 WASC-15
I
Info
Vulnerability Name
WebPort 1.19.1 - Reflected Cross-Site Scripting
Classification
CWE-79 CVE-2019-12461 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
M
Medium
Vulnerability Name
WebSocket Debug Message Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
WebSocket Error Information Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C9 CAPEC-218 CWE-209 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 WASC-13 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-INFO-07
M
Medium
Vulnerability Name
WebSocket via Private IP Leak
Classification
PCI v4.0-6.5.4 OWASP PC-C8 CAPEC-202 CWE-200 Subpart C, HIPAA-164.312(c)(1) ISO27001-A.14.1.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WSTG-INFO-07
L
Low
Vulnerability Name
Webflow subdomain takeover detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
Weblogic SSRF in SearchPublicRegistries.jsp
Classification
CWE-918 CVE-2014-4210
M
Medium
Vulnerability Name
Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-78 ISO 27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11
H
High
Vulnerability Name
Website contains Mercurial metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-1230 WASC-13 WSTG-INFO-05
C
Critical
Vulnerability Name
Website contains SVN metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
C
Critical
Vulnerability Name
Website contains git metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 WSTG-INFO-05
C
Critical
Vulnerability Name
WeiPHP 5.0 Path Traversal
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C2 CWE-22 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
What is HTTP Response Header Injection?
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CAPEC-105 CWE-93 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-24 WSTG-INFO-08
M
Medium
Vulnerability Name
What is Shellshock vulnerability?
Classification
OWASP 2013-A1 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CAPEC-88 CWE-78 HIPAA-164.306(a) ISO27001-A.14.2.5 WASC-31
C
Critical
Vulnerability Name
WordPress Authenticated JavaScript File Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.1 CWE-434 WSTG-INFO-08
H
High
Vulnerability Name
WordPress Authenticated SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
WordPress Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C7 CAPEC-115 CWE-287 WASC-01 WSTG-ATHN-04
C
Critical
Vulnerability Name
WordPress Cross-Site Scripting
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
C
Critical
Vulnerability Name
WordPress Default localhost vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-INFO-08 CWE-601
C
Critical
Vulnerability Name
WordPress Directory traversal
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
C
Critical
Vulnerability Name
WordPress Escape Version in Generator Tag
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
C
Critical
Vulnerability Name
WordPress Filesystem Credentials Dialog CSRF
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-352 WASC-09 HIPAA-164.306(a) WSTG-SESS-05
H
High
Vulnerability Name
WordPress HTML Language Attribute Escaping
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08
C
Critical
Vulnerability Name
WordPress Host header attack
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WASC-24 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N WSTG-INPV-17
M
Medium
Vulnerability Name
WordPress Improper handling of post metadata check
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-352 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-03
H
High
Vulnerability Name
WordPress Insufficient redirect validation
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CLNT-04 WASC-38 CWE-918
M
Medium
Vulnerability Name
WordPress Key Weak Hashing
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 WSTG-CRYP-04 WASC-04 CWE-330
C
Critical
Vulnerability Name
WordPress MediaElement Cross-Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-8
C
Critical
Vulnerability Name
WordPress Multiple Themes Privilege Escalation
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2021-A1 OWASP PC-C6 WASC-17 WSTG-ATHZ-03 CAPEC-233 CWE-250
C
Critical
Vulnerability Name
WordPress Open Redirect
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38 WSTG-CLNT-04
C
Critical
Vulnerability Name
WordPress PHP Object Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C3 WSTG-INPV-05
H
High
Vulnerability Name
WordPress Plugin Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CAPEC-591 CWE-79 WASC-08 WSTG-INPV-01
C
Critical
Vulnerability Name
WordPress Plugin VideoJS and Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 OWASP PC-C4 CWE-79 WASC-08
C
Critical
Vulnerability Name
WordPress Plugin Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
I
Info
Vulnerability Name
WordPress RSS and Atom Feed Escaping
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 CWE-79 WASC-08
C
Critical
Vulnerability Name
WordPress Reflected Cross-Site Scripting
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01
H
High
Vulnerability Name
WordPress Refraction Theme Multiple Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6
C
Critical
Vulnerability Name
WordPress SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
C
Critical
Vulnerability Name
WordPress Server Side Request Forgery (SSRF)
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A10 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
C
Critical
Vulnerability Name
WordPress Slider Revolution Local File Disclosure
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.8 CAPEC-87 CWE-22 ISO27001-A.14.2.5 WASC-33
C
Critical
Vulnerability Name
WordPress Slider Revolution Shell Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-434 WASC-31
C
Critical
Vulnerability Name
WordPress Stored Cross-Site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-02
H
High
Vulnerability Name
WordPress Theme 'Elegant' Privilege Escalation
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP 2017-A5 OWASP PC-C7 CWE-250 WASC-17 WSTG-ATHZ-03
C
Critical
Vulnerability Name
WordPress Themes
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
I
Info
Vulnerability Name
WordPress Themes Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 OWASP PC-C8 CAPEC-37 CWE-200 WASC-13
C
Critical
Vulnerability Name
WordPress Versions
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-09 ISO27001-A.14.1.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
I
Info
Vulnerability Name
WordPress VideoJS plugins Cross-site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP 2021-A3 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-19 CWE-79 ISO27001-A.14.2.5 WASC-08 WSTG-INPV-05
C
Critical
Vulnerability Name
WordPress WPDB SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 WASC-19
C
Critical
Vulnerability Name
WordPress arbitrary file upload
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 CWE-434 WSTG-CONF-03
C
Critical
Vulnerability Name
WordPress blind SQL injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-88 CWE-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
H
High
Vulnerability Name
WordPress unpatched Denial Of Service (DoS)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C10 CAPEC-469 CWE-400 WASC-10
C
Critical
Vulnerability Name
WordPress unsafe redirect for login
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-601 WASC-38
C
Critical
Vulnerability Name
WordPress user enumeration
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C1 CAPEC-310 CWE-200 ISO27001-A.14.1.2 WASC-15 WSTG-INFO-09
I
Info
Vulnerability Name
Wordpress Themes Email Spoofing
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-151 WASC-12
C
Critical
Vulnerability Name
X-Content-Type-Options header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16
I
Info
Vulnerability Name
X-Content-Type-Options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-​CONF-03
I
Info
Vulnerability Name
X-Frame options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
M
Medium
Vulnerability Name
X-XSS-Protection Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
L
Low
Vulnerability Name
X-XSS-Protection header invalid
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
I
Info
Vulnerability Name
X-XSS-protection header disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CWE-16 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-15
L
Low
Vulnerability Name
X-frames options header cannot be recognized
Classification
OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 OWASP PC-C1 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WASC-14 WSTG-CLNT-09
M
Medium
Vulnerability Name
XML Entity Expansion Attack
Classification
OWASP 2017-A4 OWASP 2021-A4 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-121 CWE-776 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-44 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H WSTG-BUSL-09
M
Medium
Vulnerability Name
XML external entity injection
Classification
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
M
Medium
Vulnerability Name
XML-RPC (Remote Procedure Call)
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 CWE-307 WASC-11
C
Critical
Vulnerability Name
XPath Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 CAPEC-83 CWE-643 WASC-39 WSTG-INPV-09
C
Critical
Vulnerability Name
XPath Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 OWASP PC-C5 CAPEC-126 CWE-643 Subpart C, HIPAA-164.306(a)(1) ISO27001-A.13.8.5 WASC-39 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-09
H
High
Vulnerability Name
XSLT Injection Attack
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-126 CWE-91 Subpart C,HIPAA-164.312(c)(1) ISO27001-A.13.8.5 WASC-23 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INFO-09
M
Medium
Vulnerability Name
XSS in Fortigates SSL VPN login page
Classification
CVE-2015-1880 CWE-79
M
Medium
Vulnerability Name
XSS via User Controllable JavaScript Event
Classification
OWASP 2017-A1 OWASP 2021-A3 PCI v4.0-6.5.12 OWASP PC-C5 CAPEC-86 CWE-20 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.14.2.5 WASC-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
L
Low
Vulnerability Name
XXE Vulnerability
Classification
OWASP 2017-A4 OWASP 2021-A3 PCI v4.0-6.5.4 OWASP PC-C5 CAPEC-90 CWE-611 Subpart C, HIPAA-164.312(a)(1) ISO27001-A.13.8.5 WASC-43 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H WSTG-INPV-07
H
High
Vulnerability Name
XdCMS SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
H
High
Vulnerability Name
Yachtcontrol Web application 1.0 - Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08 CVE-2019-17270 CWE-78
H
High
Vulnerability Name
YouPHPTube Encoder RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CWE-78 CVSS:AV:N/AC:L/Au:N/C:P/I:P/A:P WSTG-INPV-08
C
Critical
Vulnerability Name
ZZZCMS 1.6.1 RCE
Classification
CVE-2019-9041 CWE-94
H
High
Vulnerability Name
Zabbix Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 CWE-639 WSTG-SESS-08
C
Critical
Vulnerability Name
Zenphoto Installation Sensitive Information
Classification
CWE-200
M
Medium
Vulnerability Name
Zeroshell 3.9.0 Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C2 CAPEC-242 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
C
Critical
Vulnerability Name
Zimbra Collaboration XXE
Classification
OWASP 2013-A1 OWASP 2017-A4 OWASP 2021-A5 OWASP 2019-API8 OWASP PC-C3 CAPEC-376 CWE-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
C
Critical
Vulnerability Name
atlassian confluence path traversal
Classification
CVE-2019-3396
H
High
Vulnerability Name
docker-compose.yml exposure
Classification
OWASP 2017-A5 OWASP 2017-A6 CWE-16 CWE-200 CVSS-4.6
M
Medium
Vulnerability Name
elmah.axd Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A5 OWASP 2019-API7
M
Medium
Vulnerability Name
etcd Unauthenticated HTTP API Leak
Classification
H
High
Vulnerability Name
oday RCE in vBulletin v5.0.0-v5.5.4 fix bypass
Classification
CVE-2019-16759
H
High
Vulnerability Name
phpMyAdmin setup page
Classification
CWE-16
M
Medium
Vulnerability Name
rConfig 3.9.5 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2019-16662
H
High
Vulnerability Name
simplebooklet takeover detection
Classification
WSTG-CONF-10
H
High
Vulnerability Name
trixbox 2.8.0 - directory-traversal
Classification
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-14537 CWE-22
M
Medium
Vulnerability Name
worksites takeover detection
Classification
WSTG-CONF-10
H
High
Experience the power of automated penetration testing & contextual reporting.