Web Application Vulnerabilities Index
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
ASP.NET Tracing Is Enabled
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
Backup Source Code Detected
Basic Authorization over HTTP
Blind Cross-site Scripting
Blind MongoDB Injection
Boolean Based MongoDB Injection
Certificate is Signed Using a Weak Signature Algorithm
Cross-site Scripting
Cross-site Scripting (DOM based)
Cross-site Scripting via File Upload
Cross-site Scripting via Remote File Inclusion
Database User Has Admin Privileges
Elmah.axd / Errorlog.axd Detected
Error-Based MongoDB Injection
Expression Language Injection
F5 Big-IP Local File Inclusion (CVE-2020-5902)
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (TLS 1.0)
JWT Forgery via Chaining Jku Parameter with Open Redirect
JWT Forgery via Path Traversal
JWT Forgery via SQL Injection
JWT Forgery via unvalidated jku parameter
JWT Signature Bypass via None Algorithm
JWT Signature is not Verified
Local File Inclusion
Local File Inclusion (IAST)
MongoDB Operator Injection
No SAML Response Signature Check
Oracle WebLogic Authentication Bypass (CVE-2020-14883)
Out of Band SAML Consumer Service XML Entity Injection
Out of Band SAML Consumer Service XSLT Injection
Out of Band XML External Entity Injection
Out-of-date Version (HSQLDB)
Out-of-date Version (Microsoft SQL Server)
Out-of-date Version (MongoDb)
Out-of-date Version (MySQL)
Out-of-date Version (Oracle)
Out-of-date Version (PostgreSQL)
Out-of-date Version (SQLite)
Password Transmitted over HTTP
Progress MOVEit Transfer SQL Injection
ROBOT Attack Detected (Strong Oracle)
ROBOT Attack Detected (Weak Oracle)
Ruby on Rails File Content Disclosure (CVE-2019-5418)
SAML Response Signature Exclusion
SAML Response Without Signature
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (AWS)
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (SSH)
Server-Side Template Injection (IAST)
Stored Cross-site Scripting
SVN Detected
TorchServe Management API Publicly Exposed
Trace.axd Detected
Unrestricted File Upload