Configuration
This page lists 401 vulnerabilities in this category (the entries below are the first page of six). By severity:

- Critical: 4
- High: 128
- Medium: 174
- Low: 50
- Information: 45
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| ASP.NET ViewState Weak Validation Key | - | CWE-321 | Critical |
| Kentico Staging API Authentication Bypass | - | CWE-287 | Critical |
| Unrestricted access to Apache HugeGraph | - | CWE-200 | Critical |
| Lucee Unset Admin Password | - | CWE-200 | Critical |
| Trace.axd Detected | - | CWE-215 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | - | CWE-326 | High |
| XML entity injection | - | CWE-611 | High |
| XML external entity injection and XML injection | - | CWE-611 | High |
| XML external entity injection | - | CWE-611 | High |
| XML External Entity Injection via external file | - | CWE-611 | High |
| XML external entity injection via File Upload | - | CWE-611 | High |
| XML external entity injection (variant) | - | CWE-611 | High |
| Elmah.axd / Errorlog.axd Detected | - | CWE-209 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| Web Cache Poisoning | - | CWE-44 | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | CWE-264 | High |
| Atlassian Jira insecure REST permissions | - | - | High |
| Apache solr service exposed | - | CWE-200 | High |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| CouchDB REST API publicly accessible | - | CWE-285 | High |
| Hadoop YARN ResourceManager publicly accessible | - | CWE-200 | High |
| Jupyter Notebook publicly accessible | - | CWE-78 | High |
| OSGi Management Console Default Credentials | - | CWE-521 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | - | CWE-200 | High |
| Padding oracle attack | - | CWE-209 | High |
| JBoss JMX Console Unrestricted Access | - | CWE-200 | High |
| Unprotected phpMyAdmin interface | - | CWE-205 | High |
| CodeIgniter weak encryption key | - | CWE-200 | High |
| RoR Database Configuration File Detected | - | CWE-538 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | - | CWE-326 | High |
| Reachable SharePoint interface | - | CWE-200 | High |
| SharePoint user enumeration | - | CWE-200 | High |
| Struts 2 development mode | - | CWE-489 | High |
| Elasticsearch service accessible | - | CWE-200 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| JBoss Web Console JMX Invoker | - | CWE-200 | High |
| Apache Geronimo default administrative credentials | - | CWE-693 | High |
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-284 | High |
| JBoss BSHDeployer MBean | - | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | - | CWE-94 | High |
| JBoss JMX management console | - | CWE-200 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | - | CWE-200 | High |
| JWT Signature Bypass via None Algorithm | - | CWE-345 | High |
| BottlePy weak secret key | - | CWE-693 | High |
| Ruby framework weak secret key | - | CWE-693 | High |
| Weak Secret is Used to Sign JWT | - | CWE-345 | High |
| Jenkins Git Plugin missing permission check (CVE-2022-36883) | CVE-2022-36883 | CWE-862 | High |
| Web Cache Poisoning through HTTP/2 pseudo-headers | - | CWE-44 | High |
| Unrestricted access to Kong Gateway API | - | CWE-200 | High |
| Node.js Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Node.js Inspector Unauthorized Access Vulnerability | - | CWE-200 | High |
| Python Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| qdPM Information Disclosure | - | CWE-260 | High |
| Virtual Host locations misconfiguration | - | CWE-200 | High |
| ASP.NET connection strings stored in plaintext | - | CWE-16 | High |
| Pentaho API Auth bypass (CVE-2021-31602) | CVE-2021-31602 | CWE-863 | High |
| Delve Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Struts2 Development Mode Enabled | - | CWE-16 | High |
| Weak WordPress security key | - | CWE-16 | High |
| Consul API publicly exposed | - | CWE-200 | High |
| TorchServe Management API publicly exposed | CVE-2023-43654 | CWE-200 | High |
| Case-Insensitive Routing Bypass in Express.js Application | - | CWE-287 | High |
| Web Cache Deception | - | - | High |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| JWT Signature is not Verified | - | CWE-287 | High |
| Unrestricted access to Haproxy Data Plane API | - | CWE-200 | High |
| Unrestricted access to Caddy API interface | - | CWE-200 | High |
| Oracle PeopleSoft SSO weak secret key | - | CWE-693 | High |
| Docker Registry API is accessible without authentication | - | CWE-287 | High |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| SAP Management Console list logfiles | - | CWE-200 | High |
| SAP Management Console get user list | - | CWE-200 | High |