Security Research Portal
Vulnerability Archive
Total Findings
217
Fully Disclosed
Risk Distribution
Critical (18)
High (27)
Medium (67)
Target Domains
Web: 176
Network: 23
Mobile: 18
Critical
Broken Function Level Authorization (BFLA) via Response Manipulation (CWE-285, CWE-602)
Web
Critical
Broken Object Level Authorization (BOLA) Leading to Severe Data & Credential Leaks (CWE-284, CWE-319, CWE-532)
Web
Critical
Broken Authentication & IDOR on Workflow APIs (CWE-284, CWE-639)
Web
Critical
Unauthenticated Admin Account Takeover via Profile Update (CWE-284)
Web
Critical
Massive Data Leakage via Profile Retrieval (CWE-200, CWE-284)
Web
Critical
SQL Injection Leads to Database Exfiltration (CWE-89)
Web
Critical
Broken Function Level Authorization Leads to Unauthenticated Account Takeover (CWE-306)
Web
Critical
Time-Based SQL Injection Leads to Database Exfiltration (CWE-89)
Web
Critical
Broken Authentication (Unauthenticated Backend API Access) On Multiple Endpoints (CWE-287)
Web
Critical
Unfinished Konga Administration Portal Installation
Web