Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as High severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Apache OFBiz Log4Shell RCE
Apache OFBiz Log4Shell RCE
CWE-CWE-78
, 
High
Apache OFBiz SOAPService Deserialization RCE
Apache OFBiz SOAPService Deserialization RCE
AV:N/AC:M/Au:N/C:C/I:C/A:C
, 
CWE-CWE-502
, 
High
Apache OFBiz SSRF (CVE-2023-50968)
Apache OFBiz SSRF (CVE-2023-50968)
CWE-CWE-918
, 
High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
AV:N/AC:M/Au:N/C:N/I:P/A:N
, 
CWE-CWE-502
, 
High
Arbitrary File Creation Detected
Arbitrary File Creation Detected
CWE-20
, 
OWASP 2017-A5
, 
High
Arbitrary File Deletion Detected
Arbitrary File Deletion Detected
CWE-20
, 
OWASP 2017-A5
, 
High
ASP.NET Tracing Is Enabled
ASP.NET Tracing Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
, 
CWE-11
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
CAPEC-114
, 
115
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-425
, 
HIPAA-164.306(a)
, 
ISO27001-A.13.1.1
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
WASC-1
, 
High
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
CAPEC-114
, 
115
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-287
, 
HIPAA-164.306(a)
, 
ISO27001-A.13.1.1
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.5.1
, 
WASC-1
, 
High
Backup Source Code Detected
Backup Source Code Detected
CAPEC-87
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-530
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
High
Basic Authorization over HTTP
Basic Authorization over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Blind Cross-site Scripting
Blind Cross-site Scripting
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Blind MongoDB Injection
Blind MongoDB Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-943
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Boolean Based MongoDB Injection
Boolean Based MongoDB Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-943
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Certificate is Signed Using a Weak Signature Algorithm
Certificate is Signed Using a Weak Signature Algorithm
CAPEC-459
, 
ISO27001-A.10
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Cross-site Scripting
Cross-site Scripting
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Cross-site Scripting (DOM based)
Cross-site Scripting (DOM based)
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Cross-site Scripting via File Upload
Cross-site Scripting via File Upload
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Cross-site Scripting via Remote File Inclusion
Cross-site Scripting via Remote File Inclusion
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
Database User Has Admin Privileges
Database User Has Admin Privileges
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-267
, 
ISO27001-A.9.2.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-14
, 
High
Elmah.axd / Errorlog.axd Detected
Elmah.axd / Errorlog.axd Detected
CAPEC-347
, 
CWE-16
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Error-Based MongoDB Injection
Error-Based MongoDB Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
, 
CWE-943
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Expression Language Injection
Expression Language Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-20
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
F5 Big-IP Local File Inclusion (CVE-2020-5902)
F5 Big-IP Local File Inclusion (CVE-2020-5902)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
, 
CWE-22
, 
High
Grafana Open Redirect (CVE-2025-4123)
Grafana Open Redirect (CVE-2025-4123)
CWE-CWE-601
, 
High
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv2)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (SSLv3)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
Insecure Transportation Security Protocol Supported (TLS 1.0)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
JBoss Web Console JMX Invoker
JBoss Web Console JMX Invoker
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-200
, 
High
JWT Forgery via Chaining Jku Parameter with Open Redirect
JWT Forgery via Chaining Jku Parameter with Open Redirect
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-347
, 
OWASP 2017-A2
, 
High
JWT Forgery via Path Traversal
JWT Forgery via Path Traversal
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-22
, 
OWASP 2017-A1
, 
High
JWT Forgery via SQL Injection
JWT Forgery via SQL Injection
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-89
, 
OWASP 2017-A1
, 
High
JWT Forgery via unvalidated jku parameter
JWT Forgery via unvalidated jku parameter
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-639
, 
OWASP 2017-A1
, 
High
JWT Signature Bypass via None Algorithm
JWT Signature Bypass via None Algorithm
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-287
, 
OWASP 2017-A2
, 
High
JWT Signature is not Verified
JWT Signature is not Verified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
, 
CWE-287
, 
OWASP 2017-A2
, 
High
Local File Inclusion
Local File Inclusion
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
Local File Inclusion (IAST)
Local File Inclusion (IAST)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-22
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
MongoDB Operator Injection
MongoDB Operator Injection
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-943
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
No SAML Response Signature Check
No SAML Response Signature Check
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)
CWE-CWE-502
, 
High
Oracle WebLogic Authentication Bypass (CVE-2020-14883)
Oracle WebLogic Authentication Bypass (CVE-2020-14883)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
, 
CWE-288
, 
OWASP 2013-A2
, 
OWASP 2017-A2
, 
High
Out of Band SAML Consumer Service XML Entity Injection
Out of Band SAML Consumer Service XML Entity Injection
CAPEC-376
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
PCI v3.2-6.5.1
, 
WASC-43
, 
High
Out of Band SAML Consumer Service XSLT Injection
Out of Band SAML Consumer Service XSLT Injection
CAPEC-376
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
PCI v3.2-6.5.1
, 
WASC-43
, 
High
Out of Band XML External Entity Injection
Out of Band XML External Entity Injection
CAPEC-376
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
PCI v3.2-6.5.1
, 
WASC-43
, 
High
Out-of-date Version (HSQLDB)
Out-of-date Version (HSQLDB)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (Microsoft SQL Server)
Out-of-date Version (Microsoft SQL Server)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (MongoDb)
Out-of-date Version (MongoDb)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (MySQL)
Out-of-date Version (MySQL)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (Oracle)
Out-of-date Version (Oracle)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (PostgreSQL)
Out-of-date Version (PostgreSQL)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Out-of-date Version (SQLite)
Out-of-date Version (SQLite)
CAPEC-310
, 
CWE-1035
, 
937
, 
HIPAA-164.308(a)(1)(i)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
PCI v3.2-6.2
, 
High
Password Transmitted over HTTP
Password Transmitted over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Polyfill.io Supply Chain Attack
Polyfill.io Supply Chain Attack
No items found.
High
ROBOT Attack Detected (Strong Oracle)
ROBOT Attack Detected (Strong Oracle)
CAPEC-217
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
ROBOT Attack Detected (Weak Oracle)
ROBOT Attack Detected (Weak Oracle)
CAPEC-217
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Ruby on Rails File Content Disclosure (CVE-2019-5418)
Ruby on Rails File Content Disclosure (CVE-2019-5418)
CAPEC-252
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-98
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A4
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-33
, 
High
SAML Response Signature Exclusion
SAML Response Signature Exclusion
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
SAML Response Without Signature
SAML Response Without Signature
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
High
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (Apache Server Status)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (AWS)
Server-Side Request Forgery (AWS)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A5
, 
High
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (SSH)
Server-Side Request Forgery (SSH)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Template Injection (IAST)
Server-Side Template Injection (IAST)
CAPEC-66
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-20
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-19
, 
High
SimpleHelp Path Traversal (CVE-2024-57727)
SimpleHelp Path Traversal (CVE-2024-57727)
CWE-CWE-22
, 
High
Sitecore Arbitrary File Read (CVE-2024-46938)
Sitecore Arbitrary File Read (CVE-2024-46938)
CWE-CWE-200
, 
High
Stored Cross-site Scripting
Stored Cross-site Scripting
CAPEC-19
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-79
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A3
, 
OWASP 2017-A7
, 
PCI v3.2-6.5.7
, 
WASC-8
, 
High
SVN Detected
SVN Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
High
TorchServe Management API Publicly Exposed
TorchServe Management API Publicly Exposed
CAPEC-212
, 
CWE-200
, 
HIPAA-164.312(a)(1)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-14
, 
High
Trace.axd Detected
Trace.axd Detected
CAPEC-347
, 
CWE-16
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Unrestricted File Upload
Unrestricted File Upload
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
, 
CWE-434
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
High
Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125)
Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125)
CWE-CWE-200
, 
High