Vulnerabilities
| Vulnerability | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Missing_X-Frame-Options | | CWE-1021 | MEDIUM |
| Missing "Strict-Transport-Security" Header | | CWE-319 | LOW |
| Missing "Content-Type" Header (Functional Testing) | | CWE-16 | LOW |
| Missing "Content-Security-Policy" Security Header (Functional Testing) | | CWE-16 | LOW |
| Null Origin Allowed In Cross-Origin Requests | | CWE-942 | MEDIUM |
| Missing "X-Content-Type-Options" Response Header | | CWE-79 | LOW |
| API Operation Publicly Accessible (Leaky APIs) | | CWE-284 | MEDIUM |
| API Operation Publicly Accessible (By Design) | | CWE-284 | LOW |
| Azure-hosted API Without Rate Limiting | | CWE-400 | MEDIUM |
| RESTful API Discloses "X-Asp-Net-Version" Fingerprinting Header | | CWE-200 | LOW |
| RESTful API Discloses - "X-Powered-By" Fingerprinting Header | | CWE-200 | LOW |
| Test HTTP Methods | | CWE-749 | INFO |
| JWT Authentication Bypass via Flawed Signature Verification | | CWE-347 | HIGH |
| Lack of Rate Limiting | | CWE-770 | MEDIUM |
| JWT Expiration Time | | CWE-613 | HIGH |
| JWT Sensitive Data Disclosure | | CWE-311 | LOW |
| Failing Response Time | | CWE-400 | MEDIUM |
| Sending JWT in URL Parameters | | CWE-384 | MEDIUM |
| Null Value Acceptance | | CWE-704 | MEDIUM |
| JWT Authentication Bypass via JWK Header Injection | | CWE-347 | HIGH |
| Massive Data on Response | | CWE-400 | MEDIUM |
| Sequential IDs Attack | | CWE-22 | HIGH |
| Server-Side Request Forgery (SSRF) | | CWE-918 | HIGH |
| URL Contains Sensitive Data - IP address | | CWE-200 | MEDIUM |
| Mass Assignment - Response Body | | CWE-915 | MEDIUM |
| Sensitive Information Disclosure - PII - TCKN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - TCKN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - SSN | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Email | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Google API Key | | CWE-200 | MEDIUM |
| URL Contains Sensitive Data - Credit Card Number | | CWE-200 | MEDIUM |
| Improper Input Validation | | CWE-20 | MEDIUM |
| Sensitive Information Disclosure - PII - SSN | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - PII - Credit Card Number | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Google API Key | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Email | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - Full Path Disclosure | | CWE-200 | MEDIUM |
| Improper Assets Management - Version in Endpoint | | CWE-937 | MEDIUM |
| Improper Assets Management - Version in Query String | | CWE-937 | MEDIUM |
| 401&403 Bypass With X-F-F Header | | CWE-290 | HIGH |
| Improper Assets Management - Version in HTTP Header | | CWE-937 | HIGH |
| CORS (Cross-Origin Resource Sharing) | | CWE-942 | MEDIUM |
| Graphql Introspection | | CWE-200 | LOW |
| Sensitive Information Disclosure - Internal IP Address | | CWE-200 | MEDIUM |
| Information Leakage - Swagger Documentation | | CWE-200 | LOW |
| Prototype Pollution via __proto__ | | CWE-1321 | HIGH |
| Sensitive Information Disclosure - Bitcoin Wallet Address | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - IPv6 Address | | CWE-200 | MEDIUM |
| Sensitive Information Disclosure - MAC Address | | CWE-200 | MEDIUM |
| Improper Error Handling | | CWE-703 | HIGH |
| NoSQL Injection - MongoDB | | CWE-943 | HIGH |
| Insecure Direct Object Reference (IDOR) | | CWE-639 | HIGH |
| Open Redirect | | CWE-601 | MEDIUM |
| HTTP Parameter Pollution | | CWE-20 | MEDIUM |
| Missing Referrer-Policy | | CWE-200 | MEDIUM |
| Missing Cache-Control | | CWE-525 | MEDIUM |
| Missing Clear-Site-Data | | CWE-359 | MEDIUM |
| Missing Cross-Origin-Embedder-Policy | | CWE-829 | HIGH |
| Missing Cross-Origin-Opener-Policy | | CWE-829 | HIGH |
| Missing Cross-Origin-Resource-Policy | | CWE-829 | HIGH |
| Missing Permissions-Policy | | CWE-284 | MEDIUM |
| Missing X-Permitted-Cross-Domain-Policies | | CWE-829 | HIGH |
| Missing X-XSS-Protection | | CWE-79 | MEDIUM |
| Information Disclosure via K-Proxy-Request Header | | CWE-200 | MEDIUM |
| Information Disclosure via Liferay-Portal Header | | CWE-200 | MEDIUM |
| Information Disclosure via OracleCommerceCloud-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via Pega-Host Header | | CWE-200 | MEDIUM |
| Information Disclosure via Powered-By Header | | CWE-200 | LOW |
| Information Disclosure via Product Header | | CWE-200 | MEDIUM |
| Information Disclosure via Server Header | | CWE-200 | MEDIUM |
| Information Disclosure via SourceMap Header | | CWE-200 | HIGH |
| Information Disclosure via X-AspNetMvc-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Atmosphere-error Header | | CWE-209 | MEDIUM |
| Information Disclosure via X-Atmosphere-first-request Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Atmosphere-tracking-id Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-ParentSpanId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-Sampled Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-SpanId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-B3-TraceId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-BEServer Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Backside-Transport Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CF-Powered-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CMS Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-CalculatedBETarget Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Cocoon-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Content-Encoded-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-DiagInfo Header | | CWE-209 | MEDIUM |
| Information Disclosure via X-Envoy-Attempt-Count Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-External-Address Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-Internal Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Envoy-Original-Dst-Host Header | | CWE-200 | MEDIUM |
| X-Envoy-Upstream-Service-Time | | CWE-200 | MEDIUM |
| Information Disclosure via X-FEServer Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Framework Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Generated-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Generator Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Jitsi-Release Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Joomla-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Kubernetes-PF-FlowSchema-UI Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Kubernetes-PF-PriorityLevel-UID Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Cache Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Purge Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Tag Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-LiteSpeed-Vary Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Litespeed-Cache-Control Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Mod-Pagespeed Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Cache Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Matched-Path Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Page Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Nextjs-Redirect Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-OWA-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Old-Content-Length Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-OneAgent-JS-Injection Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Page-Speed Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Php-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Powered-By-Plesk Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Powered-CMS Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Redirect-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Server-Powered-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-SourceFiles Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-SourceMap Header | | CWE-200 | HIGH |
| Information Disclosure via X-Turbo-Charged-By Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Umbraco-Version Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Varnish-Backend Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-Varnish-Server Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtAgentId Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtHealthCheck Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-dtInjectedServlet Header | | CWE-200 | MEDIUM |
| Information Disclosure via X-ruxit-JS-Agent Header | | CWE-200 | MEDIUM |